Add overflow checking for large Durations

Fixes #215

Author: jhalterman

CHANGELOG.md

@@ -5,6 +5,10 @@
 - Issue #310 - Added `.builder(PolicyConfig)` methods to each of the policy interfaces, to allow new policies to be built from existing config.
 - Issue #251 - Relaxed the illegal state validation in `RetryPolicyBuilder` to allow different types of delays to be configured, replacing previous configuration. Also removed the requirement that a jitter duration be configured after a delay.
 
+### Bug Fixes
+
+- Issue #215 - Added overflow checking for large user-provided `Duration` values.
+
 # 3.0
 
 

src/main/java/dev/failsafe/CircuitBreakerBuilder.java

@@ -19,6 +19,7 @@
 import dev.failsafe.event.EventListener;
 import dev.failsafe.internal.CircuitBreakerImpl;
 import dev.failsafe.internal.util.Assert;
+import dev.failsafe.internal.util.Durations;
 
 import java.time.Duration;
 import java.util.function.BiPredicate;
@@ -112,6 +113,7 @@ public CircuitBreakerBuilder<R> onOpen(EventListener<CircuitBreakerStateChangedE
    */
   public CircuitBreakerBuilder<R> withDelay(Duration delay) {
     Assert.notNull(delay, "delay");
+    delay = Durations.ofSafeNanos(delay);
     Assert.isTrue(delay.toNanos() >= 0, "delay must be >= 0");
     config.delay = delay;
     return this;

src/main/java/dev/failsafe/RetryPolicyBuilder.java

@@ -21,6 +21,7 @@
 import dev.failsafe.event.ExecutionScheduledEvent;
 import dev.failsafe.internal.RetryPolicyImpl;
 import dev.failsafe.internal.util.Assert;
+import dev.failsafe.internal.util.Durations;
 
 import java.time.Duration;
 import java.time.temporal.ChronoUnit;
@@ -290,6 +291,8 @@ public RetryPolicyBuilder<R> withBackoff(long delay, long maxDelay, ChronoUnit c
   public RetryPolicyBuilder<R> withBackoff(Duration delay, Duration maxDelay, double delayFactor) {
     Assert.notNull(delay, "delay");
     Assert.notNull(maxDelay, "maxDelay");
+    delay = Durations.ofSafeNanos(delay);
+    maxDelay = Durations.ofSafeNanos(maxDelay);
     Assert.isTrue(!delay.isNegative() && !delay.isZero(), "The delay must be > 0");
     Assert.state(config.maxDuration == null || delay.toNanos() < config.maxDuration.toNanos(),
       "delay must be < the maxDuration");
@@ -319,6 +322,7 @@ public RetryPolicyBuilder<R> withBackoff(Duration delay, Duration maxDelay, doub
   @Override
   public RetryPolicyBuilder<R> withDelay(Duration delay) {
     Assert.notNull(delay, "delay");
+    delay = Durations.ofSafeNanos(delay);
     Assert.state(config.maxDuration == null || delay.toNanos() < config.maxDuration.toNanos(),
       "delay must be < the maxDuration");
     Assert.state(config.jitter == null || delay.toNanos() >= config.jitter.toNanos(),
@@ -361,6 +365,8 @@ public RetryPolicyBuilder<R> withDelay(long delayMin, long delayMax, ChronoUnit
   public RetryPolicyBuilder<R> withDelay(Duration delayMin, Duration delayMax) {
     Assert.notNull(delayMin, "delayMin");
     Assert.notNull(delayMax, "delayMax");
+    delayMin = Durations.ofSafeNanos(delayMin);
+    delayMax = Durations.ofSafeNanos(delayMax);
     Assert.isTrue(!delayMin.isNegative() && !delayMin.isZero(), "delayMin must be > 0");
     Assert.isTrue(!delayMax.isNegative() && !delayMax.isZero(), "delayMax must be > 0");
     Assert.isTrue(delayMin.toNanos() < delayMax.toNanos(), "delayMin must be < delayMax");
@@ -415,6 +421,7 @@ public RetryPolicyBuilder<R> withJitter(double jitterFactor) {
    */
   public RetryPolicyBuilder<R> withJitter(Duration jitter) {
     Assert.notNull(jitter, "jitter");
+    jitter = Durations.ofSafeNanos(jitter);
     Assert.isTrue(jitter.toNanos() > 0, "jitter must be > 0");
     boolean validJitter = config.delayMin != null ?
       jitter.toNanos() <= config.delayMin.toNanos() :
@@ -459,6 +466,7 @@ public RetryPolicyBuilder<R> withMaxAttempts(int maxAttempts) {
    */
   public RetryPolicyBuilder<R> withMaxDuration(Duration maxDuration) {
     Assert.notNull(maxDuration, "maxDuration");
+    maxDuration = Durations.ofSafeNanos(maxDuration);
     Assert.state(maxDuration.toNanos() > config.delay.toNanos(), "maxDuration must be > the delay");
     Assert.state(config.delayMax == null || maxDuration.toNanos() > config.delayMax.toNanos(),
       "maxDuration must be > the max random delay");

src/main/java/dev/failsafe/internal/util/Durations.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2011-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package dev.failsafe.internal.util;
+
+import java.time.Duration;
+
+/**
+ * Duration and long utilities.
+ */
+public final class Durations {
+  static long MAX_SECONDS_PER_LONG = Long.MAX_VALUE / 1000_000_000L;
+  static Duration MAX_SAFE_NANOS_DURATION = Duration.ofSeconds(MAX_SECONDS_PER_LONG);
+
+  private Durations() {
+  }
+
+  /**
+   * Returns either the {@code duration} else a Duration containing the max seconds that can safely be converted to
+   * nanos without overflowing.
+   */
+  public static Duration ofSafeNanos(Duration duration) {
+    return duration.getSeconds() < MAX_SECONDS_PER_LONG ? duration : MAX_SAFE_NANOS_DURATION;
+  }
+}

src/main/java/dev/failsafe/spi/DelayablePolicy.java

@@ -18,6 +18,7 @@
 import dev.failsafe.DelayablePolicyConfig;
 import dev.failsafe.ExecutionContext;
 import dev.failsafe.Policy;
+import dev.failsafe.internal.util.Durations;
 
 import java.time.Duration;
 
@@ -48,7 +49,7 @@ default Duration computeDelay(ExecutionContext<R> context) {
         delayFailure == null || (exFailure != null && delayFailure.isAssignableFrom(exFailure.getClass()));
       if (delayResultMatched && delayFailureMatched) {
         try {
-          computed = config.getDelayFn().get(context);
+          computed = Durations.ofSafeNanos(config.getDelayFn().get(context));
         } catch (Throwable e) {
           if (e instanceof RuntimeException)
             throw (RuntimeException) e;

src/test/java/dev/failsafe/internal/util/DurationsTest.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package dev.failsafe.internal.util;
+
+import org.testng.annotations.Test;
+
+import java.time.Duration;
+
+import static dev.failsafe.internal.util.Durations.*;
+import static org.testng.Assert.assertEquals;
+
+@Test
+public class DurationsTest {
+  public void testOfSafeNanos() {
+    assertEquals(ofSafeNanos(Duration.ofSeconds(MAX_SECONDS_PER_LONG)), MAX_SAFE_NANOS_DURATION);
+    assertEquals(ofSafeNanos(Duration.ofSeconds(MAX_SECONDS_PER_LONG + 1)), MAX_SAFE_NANOS_DURATION);
+    assertEquals(ofSafeNanos(Duration.ofSeconds(Long.MAX_VALUE)), MAX_SAFE_NANOS_DURATION);
+    Duration safeDuration = Duration.ofSeconds(MAX_SECONDS_PER_LONG - 1000);
+    assertEquals(ofSafeNanos(safeDuration), safeDuration);
+  }
+}

src/test/java/dev/failsafe/issues/Issue215.java

@@ -0,0 +1,14 @@
+package dev.failsafe.issues;
+
+import dev.failsafe.RetryPolicy;
+import org.testng.annotations.Test;
+
+import java.time.Duration;
+
+@Test
+public class Issue215 {
+  public void test() {
+    RetryPolicy.builder()
+      .withBackoff(Duration.ofNanos(Long.MAX_VALUE).minusSeconds(1), Duration.ofSeconds(Long.MAX_VALUE), 1.50);
+  }
+}