You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/04/18 19:51:41 UTC
[jira] [Commented] (ZOOKEEPER-2731) Cleanup findbug warnings in
branch-3.4: Malicious code vulnerability Warnings
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15973370#comment-15973370 ]
ASF GitHub Bot commented on ZOOKEEPER-2731:
-------------------------------------------
GitHub user afine opened a pull request:
https://github.com/apache/zookeeper/pull/232
ZOOKEEPER-2731: Cleanup findbug warnings in branch-3.4: Malicious code vulnerability Warnings
There are two interesting parts to this change.
The first is in the Jute compiler. Fields that are declared buffers (translated to byte[] in java) now perform a clone in the constructor and while "getting and setting", following best practice. This prevents accidental changes to arrays once passed into or out of jute records but may negatively impact memory usage and performance. Would be interested in hearing if people think this is acceptable.
The second is in ZooDefs. We are currently declaring our predefined ACL lists with `new ArrayList<ACL>(Collections.singletonList(new ACL(...`. This seems strange to me as we appear to be converting a List type to an ArrayList. Would be great if someone could shed some light on why we do this. I think this logic can be simplified to `Collections.singletonList(new ACL(...` with the added bonus that the resulting list is immutable (making FindBugs happy).
Thanks,
Abe
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/afine/zookeeper ZOOKEEPER-2731
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/232.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #232
----
commit c5e3900bf768c6b4b1c0a2683be2b08259d328f8
Author: Abraham Fine <af...@apache.org>
Date: 2017-04-18T19:39:46Z
ZOOKEEPER-2731: Cleanup findbug warnings in branch-3.4: Malicious code vulnerability Warnings
----
> Cleanup findbug warnings in branch-3.4: Malicious code vulnerability Warnings
> -----------------------------------------------------------------------------
>
> Key: ZOOKEEPER-2731
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2731
> Project: ZooKeeper
> Issue Type: Sub-task
> Affects Versions: 3.4.9
> Reporter: Rakesh R
> Assignee: Abraham Fine
> Fix For: 3.4.11
>
>
> Please refer the attached sheet in parent jira. Below is the details of findbug warnings.
> {code}
> AT Sequence of calls to java.util.concurrent.ConcurrentHashMap may not be atomic in org.apache.zookeeper.server.quorum.QuorumCnxManager.handleConnection(Socket, DataInputStream)
> AT Sequence of calls to java.util.concurrent.ConcurrentHashMap may not be atomic in org.apache.zookeeper.server.quorum.QuorumCnxManager.startConnection(Socket, Long)
> AT Sequence of calls to java.util.concurrent.ConcurrentHashMap may not be atomic in org.apache.zookeeper.server.quorum.QuorumCnxManager.toSend(Long, ByteBuffer)
> VO Increment of volatile field org.apache.zookeeper.server.quorum.AuthFastLeaderElection.logicalclock in org.apache.zookeeper.server.quorum.AuthFastLeaderElection.leaveInstance()
> VO Increment of volatile field org.apache.zookeeper.server.quorum.AuthFastLeaderElection.logicalclock in org.apache.zookeeper.server.quorum.AuthFastLeaderElection.lookForLeader()
> VO Increment of volatile field org.apache.zookeeper.server.quorum.FastLeaderElection.logicalclock in org.apache.zookeeper.server.quorum.FastLeaderElection.lookForLeader()
> VO Increment of volatile field org.apache.zookeeper.server.quorum.QuorumPeer.tick in org.apache.zookeeper.server.quorum.Leader.lead()
> VO Increment of volatile field org.apache.zookeeper.server.quorum.QuorumPeer.tick in org.apache.zookeeper.server.quorum.Leader.lead()
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)