Fix integer overflows when dealing with templates. (#21628)

jpountz · web-flow · commit 23d5293f827f · 2016-11-21T10:41:08.000+01:00
The overflows were happening in two places, the parsing of the template that implicitly truncates the `order` when its value does not fall into the `integer` range, and the comparator that sorts templates in ascending order, since it returns `order2-order1`, which might overflow. Closes #21622
diff --git a/core/src/main/java/org/elasticsearch/cluster/metadata/MetaDataCreateIndexService.java b/core/src/main/java/org/elasticsearch/cluster/metadata/MetaDataCreateIndexService.java
@@ -474,12 +474,7 @@ private List<IndexTemplateMetaData> findTemplates(CreateIndexClusterStateUpdateR
             }
         }
 
-        CollectionUtil.timSort(templateMetadata, new Comparator<IndexTemplateMetaData>() {
-            @Override
-            public int compare(IndexTemplateMetaData o1, IndexTemplateMetaData o2) {
-                return o2.order() - o1.order();
-            }
-        });
+        CollectionUtil.timSort(templateMetadata, Comparator.comparingInt(IndexTemplateMetaData::order).reversed());
         return templateMetadata;
     }
 
diff --git a/core/src/main/java/org/elasticsearch/common/Numbers.java b/core/src/main/java/org/elasticsearch/common/Numbers.java
@@ -21,6 +21,9 @@
 
 import org.apache.lucene.util.BytesRef;
 
+import java.math.BigDecimal;
+import java.math.BigInteger;
+
 /**
  * A set of utilities for numbers.
  */
@@ -178,4 +181,56 @@ public static boolean isValidDouble(double value) {
         }
         return true;
     }
+
+    /** Return the long that {@code n} stores, or throws an exception if the
+     *  stored value cannot be converted to a long that stores the exact same
+     *  value. */
+    public static long toLongExact(Number n) {
+        if (n instanceof Byte || n instanceof Short || n instanceof Integer
+                || n instanceof Long) {
+            return n.longValue();
+        } else if (n instanceof Float || n instanceof Double) {
+            double d = n.doubleValue();
+            if (d != Math.round(d)) {
+                throw new IllegalArgumentException(n + " is not an integer value");
+            }
+            return n.longValue();
+        } else if (n instanceof BigDecimal) {
+            return ((BigDecimal) n).toBigIntegerExact().longValueExact();
+        } else if (n instanceof BigInteger) {
+            return ((BigInteger) n).longValueExact();
+        } else {
+            throw new IllegalArgumentException("Cannot check whether [" + n + "] of class [" + n.getClass().getName()
+                    + "] is actually a long");
+        }
+    }
+
+    /** Return the int that {@code n} stores, or throws an exception if the
+     *  stored value cannot be converted to an int that stores the exact same
+     *  value. */
+    public static int toIntExact(Number n) {
+        return Math.toIntExact(toLongExact(n));
+    }
+
+    /** Return the short that {@code n} stores, or throws an exception if the
+     *  stored value cannot be converted to a short that stores the exact same
+     *  value. */
+    public static short toShortExact(Number n) {
+        long l = toLongExact(n);
+        if (l != (short) l) {
+            throw new ArithmeticException("short overflow: " + l);
+        }
+        return (short) l;
+    }
+
+    /** Return the byte that {@code n} stores, or throws an exception if the
+     *  stored value cannot be converted to a byte that stores the exact same
+     *  value. */
+    public static byte toByteExact(Number n) {
+        long l = toLongExact(n);
+        if (l != (byte) l) {
+            throw new ArithmeticException("byte overflow: " + l);
+        }
+        return (byte) l;
+    }
 }
diff --git a/core/src/main/java/org/elasticsearch/common/xcontent/support/XContentMapValues.java b/core/src/main/java/org/elasticsearch/common/xcontent/support/XContentMapValues.java
@@ -24,6 +24,7 @@
 import org.apache.lucene.util.automaton.CharacterRunAutomaton;
 import org.apache.lucene.util.automaton.Operations;
 import org.elasticsearch.ElasticsearchParseException;
+import org.elasticsearch.common.Numbers;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.regex.Regex;
 import org.elasticsearch.common.unit.TimeValue;
@@ -357,7 +358,7 @@ public static double nodeDoubleValue(Object node) {
 
     public static int nodeIntegerValue(Object node) {
         if (node instanceof Number) {
-            return ((Number) node).intValue();
+            return Numbers.toIntExact((Number) node);
         }
         return Integer.parseInt(node.toString());
     }
@@ -366,10 +367,7 @@ public static int nodeIntegerValue(Object node, int defaultValue) {
         if (node == null) {
             return defaultValue;
         }
-        if (node instanceof Number) {
-            return ((Number) node).intValue();
-        }
-        return Integer.parseInt(node.toString());
+        return nodeIntegerValue(node);
     }
 
     public static short nodeShortValue(Object node, short defaultValue) {
@@ -381,7 +379,7 @@ public static short nodeShortValue(Object node, short defaultValue) {
 
     public static short nodeShortValue(Object node) {
         if (node instanceof Number) {
-            return ((Number) node).shortValue();
+            return Numbers.toShortExact((Number) node);
         }
         return Short.parseShort(node.toString());
     }
@@ -395,7 +393,7 @@ public static byte nodeByteValue(Object node, byte defaultValue) {
 
     public static byte nodeByteValue(Object node) {
         if (node instanceof Number) {
-            return ((Number) node).byteValue();
+            return Numbers.toByteExact((Number) node);
         }
         return Byte.parseByte(node.toString());
     }
@@ -409,7 +407,7 @@ public static long nodeLongValue(Object node, long defaultValue) {
 
     public static long nodeLongValue(Object node) {
         if (node instanceof Number) {
-            return ((Number) node).longValue();
+            return Numbers.toLongExact((Number) node);
         }
         return Long.parseLong(node.toString());
     }
diff --git a/core/src/test/java/org/elasticsearch/common/NumbersTests.java b/core/src/test/java/org/elasticsearch/common/NumbersTests.java
@@ -0,0 +1,146 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.common;
+
+import org.elasticsearch.test.ESTestCase;
+
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.util.concurrent.atomic.AtomicInteger;
+
+public class NumbersTests extends ESTestCase {
+
+    public void testToLongExact() {
+        assertEquals(3L, Numbers.toLongExact(Long.valueOf(3L)));
+        assertEquals(3L, Numbers.toLongExact(Integer.valueOf(3)));
+        assertEquals(3L, Numbers.toLongExact(Short.valueOf((short) 3)));
+        assertEquals(3L, Numbers.toLongExact(Byte.valueOf((byte) 3)));
+        assertEquals(3L, Numbers.toLongExact(3d));
+        assertEquals(3L, Numbers.toLongExact(3f));
+        assertEquals(3L, Numbers.toLongExact(BigInteger.valueOf(3L)));
+        assertEquals(3L, Numbers.toLongExact(BigDecimal.valueOf(3L)));
+
+        IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toLongExact(3.1d));
+        assertEquals("3.1 is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toLongExact(Double.NaN));
+        assertEquals("NaN is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toLongExact(Double.POSITIVE_INFINITY));
+        assertEquals("Infinity is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toLongExact(3.1f));
+        assertEquals("3.1 is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toLongExact(new AtomicInteger(3))); // not supported
+        assertEquals("Cannot check whether [3] of class [java.util.concurrent.atomic.AtomicInteger] is actually a long", e.getMessage());
+    }
+
+    public void testToIntExact() {
+        assertEquals(3L, Numbers.toIntExact(Long.valueOf(3L)));
+        assertEquals(3L, Numbers.toIntExact(Integer.valueOf(3)));
+        assertEquals(3L, Numbers.toIntExact(Short.valueOf((short) 3)));
+        assertEquals(3L, Numbers.toIntExact(Byte.valueOf((byte) 3)));
+        assertEquals(3L, Numbers.toIntExact(3d));
+        assertEquals(3L, Numbers.toIntExact(3f));
+        assertEquals(3L, Numbers.toIntExact(BigInteger.valueOf(3L)));
+        assertEquals(3L, Numbers.toIntExact(BigDecimal.valueOf(3L)));
+
+        IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toIntExact(3.1d));
+        assertEquals("3.1 is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toLongExact(Double.NaN));
+        assertEquals("NaN is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toLongExact(Double.POSITIVE_INFINITY));
+        assertEquals("Infinity is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toIntExact(3.1f));
+        assertEquals("3.1 is not an integer value", e.getMessage());
+        ArithmeticException ae = expectThrows(ArithmeticException.class,
+                () -> Numbers.toIntExact(1L << 40));
+        assertEquals("integer overflow", ae.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toIntExact(new AtomicInteger(3))); // not supported
+        assertEquals("Cannot check whether [3] of class [java.util.concurrent.atomic.AtomicInteger] is actually a long", e.getMessage());
+    }
+
+    public void testToShortExact() {
+        assertEquals(3L, Numbers.toShortExact(Long.valueOf(3L)));
+        assertEquals(3L, Numbers.toShortExact(Integer.valueOf(3)));
+        assertEquals(3L, Numbers.toShortExact(Short.valueOf((short) 3)));
+        assertEquals(3L, Numbers.toShortExact(Byte.valueOf((byte) 3)));
+        assertEquals(3L, Numbers.toShortExact(3d));
+        assertEquals(3L, Numbers.toShortExact(3f));
+        assertEquals(3L, Numbers.toShortExact(BigInteger.valueOf(3L)));
+        assertEquals(3L, Numbers.toShortExact(BigDecimal.valueOf(3L)));
+
+        IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toShortExact(3.1d));
+        assertEquals("3.1 is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toLongExact(Double.NaN));
+        assertEquals("NaN is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toLongExact(Double.POSITIVE_INFINITY));
+        assertEquals("Infinity is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toShortExact(3.1f));
+        assertEquals("3.1 is not an integer value", e.getMessage());
+        ArithmeticException ae = expectThrows(ArithmeticException.class,
+                () -> Numbers.toShortExact(100000));
+        assertEquals("short overflow: " + 100000, ae.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toShortExact(new AtomicInteger(3))); // not supported
+        assertEquals("Cannot check whether [3] of class [java.util.concurrent.atomic.AtomicInteger] is actually a long", e.getMessage());
+    }
+
+    public void testToByteExact() {
+        assertEquals(3L, Numbers.toByteExact(Long.valueOf(3L)));
+        assertEquals(3L, Numbers.toByteExact(Integer.valueOf(3)));
+        assertEquals(3L, Numbers.toByteExact(Short.valueOf((short) 3)));
+        assertEquals(3L, Numbers.toByteExact(Byte.valueOf((byte) 3)));
+        assertEquals(3L, Numbers.toByteExact(3d));
+        assertEquals(3L, Numbers.toByteExact(3f));
+        assertEquals(3L, Numbers.toByteExact(BigInteger.valueOf(3L)));
+        assertEquals(3L, Numbers.toByteExact(BigDecimal.valueOf(3L)));
+
+        IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toByteExact(3.1d));
+        assertEquals("3.1 is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toLongExact(Double.NaN));
+        assertEquals("NaN is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toLongExact(Double.POSITIVE_INFINITY));
+        assertEquals("Infinity is not an integer value", e.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toByteExact(3.1f));
+        assertEquals("3.1 is not an integer value", e.getMessage());
+        ArithmeticException ae = expectThrows(ArithmeticException.class,
+                () -> Numbers.toByteExact(300));
+        assertEquals("byte overflow: " + 300, ae.getMessage());
+        e = expectThrows(IllegalArgumentException.class,
+                () -> Numbers.toByteExact(new AtomicInteger(3))); // not supported
+        assertEquals("Cannot check whether [3] of class [java.util.concurrent.atomic.AtomicInteger] is actually a long", e.getMessage());
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -474,12 +474,7 @@ private List<IndexTemplateMetaData> findTemplates(CreateIndexClusterStateUpdateR`
`474`	`474`	`}`
`475`	`475`	`}`
`476`	`476`
`477`		`- CollectionUtil.timSort(templateMetadata, new Comparator<IndexTemplateMetaData>() {`
`478`		`- @Override`
`479`		`- public int compare(IndexTemplateMetaData o1, IndexTemplateMetaData o2) {`
`480`		`- return o2.order() - o1.order();`
`481`		`- }`
`482`		`- });`
	`477`	`+ CollectionUtil.timSort(templateMetadata, Comparator.comparingInt(IndexTemplateMetaData::order).reversed());`
`483`	`478`	`return templateMetadata;`
`484`	`479`	`}`
`485`	`480`
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@`
`24`	`24`	`import org.apache.lucene.util.automaton.CharacterRunAutomaton;`
`25`	`25`	`import org.apache.lucene.util.automaton.Operations;`
`26`	`26`	`import org.elasticsearch.ElasticsearchParseException;`
	`27`	`+import org.elasticsearch.common.Numbers;`
`27`	`28`	`import org.elasticsearch.common.Strings;`
`28`	`29`	`import org.elasticsearch.common.regex.Regex;`
`29`	`30`	`import org.elasticsearch.common.unit.TimeValue;`
`@@ -357,7 +358,7 @@ public static double nodeDoubleValue(Object node) {`
`357`	`358`
`358`	`359`	`public static int nodeIntegerValue(Object node) {`
`359`	`360`	`if (node instanceof Number) {`
`360`		`- return ((Number) node).intValue();`
	`361`	`+ return Numbers.toIntExact((Number) node);`
`361`	`362`	`}`
`362`	`363`	`return Integer.parseInt(node.toString());`
`363`	`364`	`}`
`@@ -366,10 +367,7 @@ public static int nodeIntegerValue(Object node, int defaultValue) {`
`366`	`367`	`if (node == null) {`
`367`	`368`	`return defaultValue;`
`368`	`369`	`}`
`369`		`- if (node instanceof Number) {`
`370`		`- return ((Number) node).intValue();`
`371`		`- }`
`372`		`- return Integer.parseInt(node.toString());`
	`370`	`+ return nodeIntegerValue(node);`
`373`	`371`	`}`
`374`	`372`
`375`	`373`	`public static short nodeShortValue(Object node, short defaultValue) {`
`@@ -381,7 +379,7 @@ public static short nodeShortValue(Object node, short defaultValue) {`
`381`	`379`
`382`	`380`	`public static short nodeShortValue(Object node) {`
`383`	`381`	`if (node instanceof Number) {`
`384`		`- return ((Number) node).shortValue();`
	`382`	`+ return Numbers.toShortExact((Number) node);`
`385`	`383`	`}`
`386`	`384`	`return Short.parseShort(node.toString());`
`387`	`385`	`}`
`@@ -395,7 +393,7 @@ public static byte nodeByteValue(Object node, byte defaultValue) {`
`395`	`393`
`396`	`394`	`public static byte nodeByteValue(Object node) {`
`397`	`395`	`if (node instanceof Number) {`
`398`		`- return ((Number) node).byteValue();`
	`396`	`+ return Numbers.toByteExact((Number) node);`
`399`	`397`	`}`
`400`	`398`	`return Byte.parseByte(node.toString());`
`401`	`399`	`}`
`@@ -409,7 +407,7 @@ public static long nodeLongValue(Object node, long defaultValue) {`
`409`	`407`
`410`	`408`	`public static long nodeLongValue(Object node) {`
`411`	`409`	`if (node instanceof Number) {`
`412`		`- return ((Number) node).longValue();`
	`410`	`+ return Numbers.toLongExact((Number) node);`
`413`	`411`	`}`
`414`	`412`	`return Long.parseLong(node.toString());`
`415`	`413`	`}`