Prevent integer overflow when calculating the share in Http2UpgradeHandler##releaseBackLog.

[motingeyjr]

Hello, first PR here.

I ran into a case where I was encountering an Integer overflow during the calculation of share in the releaseBackLog() method.

Specifically, s.getConnectionAllocationRequested() * remaining was larger than the maximum size of an Integer and was being converted to a negative value.

This eventually resulted in an IllegalStateException, prior to the fix in Tomcat v9.0.113:

1774273408.510362 00005675:0024D48D XTOMHT2F: java.lang.IllegalArgumentException: newLimit < 0: (-1843 < 0)
1774273408.510363 00005675:0024D48D XTOMHT2F: at java.base/java.nio.Buffer.createLimitException(Buffer.java:395)
1774273408.510364 00005675:0024D48D XTOMHT2F: at java.base/java.nio.Buffer.limit(Buffer.java:369)
1774273408.510365 00005675:0024D48D XTOMHT2F: at java.base/java.nio.ByteBuffer.limit(ByteBuffer.java:1529)
1774273408.510366 00005675:0024D48D XTOMHT2F: at java.base/java.nio.ByteBuffer.limit(ByteBuffer.java:267)
1774273408.510367 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.http2.Http2AsyncUpgradeHandler.writeBody(Http2AsyncUpgradeHandler.java:249)
1774273408.510368 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.http2.Stream$StreamOutputBuffer.flush(Stream.java:1136)
1774273408.510369 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.http2.Stream$StreamOutputBuffer.flush(Stream.java:1071)
1774273408.510370 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.http2.Stream$StreamOutputBuffer.end(Stream.java:1174)
1774273408.510371 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.http2.Http2OutputBuffer.end(Http2OutputBuffer.java:69)
1774273408.510372 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.http2.StreamProcessor.finishResponse(StreamProcessor.java:272)
1774273408.510373 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:386)
1774273408.510374 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.Response.action(Response.java:200)
1774273408.510375 00005675:0024D48D XTOMHT2F: at app//org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:253)
1774273408.510376 00005675:0024D48D XTOMHT2F: at app//org.apache.catalina.connector.Response.finishResponse(Response.java:442)
1774273408.510377 00005675:0024D48D XTOMHT2F: at app//org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:373)
1774273408.510378 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:476)
1774273408.510379 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
1774273408.510380 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:102)
1774273408.510381 00005675:0024D48D XTOMHT2F: at app//org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35)
1774273408.510382 00005675:0024D48D XTOMHT2F: at app//org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:973)
1774273408.510383 00005675:0024D48D XTOMHT2F: at app//org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:491)
1774273408.510384 00005675:0024D48D XTOMHT2F: at app//org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
1774273408.510385 00005675:0024D48D XTOMHT2F: at java.base/java.lang.Thread.run(Thread.java:857)

[markt-asf]

The fix (casting to long) is fine. I'm not convinced of the need for all the additional checks.

[motingeyjr]

Hey Mark, thanks for the review. I've removed the 2 extra negative checks that didn't pertain to this actual fix.