librdkafka icon indicating copy to clipboard operation
librdkafka copied to clipboard

Published 20 hours ago verified publisher icon confluentinc

rdkafka_broker.c: Potential Interger Overflow

Open stasos24 opened this issue 7 months ago • 0 comments

Since inflight_cnt, retry_cnt, outq_cnt has int type https://github.com/confluentinc/librdkafka/blob/93877617709eb071a0f4ec7038c54e2764abefc9/src/rdkafka_broker.c#L941-L942

And rd_atomic64_add accepts two int64 https://github.com/confluentinc/librdkafka/blob/93877617709eb071a0f4ec7038c54e2764abefc9/src/rdatomic.h#L144-L145

There is possible integer overflow at: https://github.com/confluentinc/librdkafka/blob/93877617709eb071a0f4ec7038c54e2764abefc9/src/rdkafka_broker.c#L969-L970

Possible fix: <static_cast>(int64) inflight_cnt + outq_cnt

stasos24 avatar Mar 09 '25 14:03 stasos24