Posted to issues@commons.apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2008/07/06 17:44:38 UTC

[jira] Created: (SANDBOX-246) Findbugs reports

Findbugs reports
----------------

                 Key: SANDBOX-246
                 URL: https://issues.apache.org/jira/browse/SANDBOX-246
             Project: Commons Sandbox
          Issue Type: Bug
          Components: Compress
            Reporter: Sebb


TarEntry defines equals(TarEntry) method which does not override Object.equals() - is this intended?
If so, maybe the method should be called something different such as isSame() to avoid confusion.

BZip2Compressor and ZipArchive return a pointer to a private byte array, thus allowing external code to modify the contents of the final array.
They should return a copy.

BZip2OutputStream line 1302:   m_block[ m_zptr[ ( lo + hi ) >> 1 ] + d + 1 ] );
Findbugs says:
{quote}
The code computes the average of two integers using either division or signed right shift, and then uses the result as the index of an array. If the values being averaged are very large, this can overflow (resulting in the computation of a negative average). Assuming that the result is intended to be nonnegative, you can use an unsigned right shift instead. In other words, rather than using (low+high)/2, use (low+high) >>> 1
{quote}

TarArchive line 74 may fail to close zInputStream

The classes ZipShort, ZipLong and AsiExtraField implement Cloneable but do not define or use the clone method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
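
The midpoint overflow described in the Findbugs text quoted in the report above, as an added Java example that is not code from Commons Compress. The class name, method names and index values are constructed for illustration.

```java
public class MidpointOverflow {
    // Pattern flagged by Findbugs: the int sum wraps around before the
    // signed shift, so the sign bit is carried into the result.
    static int signedShift(int lo, int hi) {
        return (lo + hi) >> 1;
    }

    // Findbugs' suggestion: the unsigned shift treats the wrapped sum as a
    // 32-bit unsigned value, which is correct for non-negative inputs.
    static int unsignedShift(int lo, int hi) {
        return (lo + hi) >>> 1;
    }

    // Alternative form: hi - lo cannot overflow when 0 <= lo <= hi.
    static int offsetForm(int lo, int hi) {
        return lo + ((hi - lo) >> 1);
    }

    static void report(int lo, int hi) {
        int signed = signedShift(lo, hi);
        System.out.printf("lo=%d hi=%d%n", lo, hi);
        System.out.printf("  (lo+hi) >> 1      = %d (usable as index: %b)%n",
                signed, signed >= 0);
        System.out.printf("  (lo+hi) >>> 1     = %d%n", unsignedShift(lo, hi));
        System.out.printf("  lo + ((hi-lo)>>1) = %d%n", offsetForm(lo, hi));
    }

    public static void main(String[] args) {
        // Constructed inputs: small indices, where all three forms agree,
        // and large non-negative indices whose sum exceeds Integer.MAX_VALUE.
        report(10, 20);
        report(1_500_000_000, 2_000_000_000);
    }
}
```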

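The "pointer to a private byte array" finding from the report above, as an added Java example that is not code from Commons Compress. The classes `Leaky` and `Hardened` and the signature bytes are constructed stand-ins.

```java
import java.util.Arrays;

public class ExposedArray {
    // Constructed stand-in for a class that keeps signature bytes in a
    // private final array. "final" fixes the reference, not the contents.
    static class Leaky {
        private final byte[] signature = {0x50, 0x4B, 0x03, 0x04};

        // Hands out the internal array itself.
        byte[] getSignature() { return signature; }

        boolean matches(byte[] header) { return Arrays.equals(signature, header); }
    }

    // Same class with the getter returning a copy, as the report asks for.
    static class Hardened {
        private final byte[] signature = {0x50, 0x4B, 0x03, 0x04};

        byte[] getSignature() { return signature.clone(); }

        boolean matches(byte[] header) { return Arrays.equals(signature, header); }
    }

    public static void main(String[] args) {
        byte[] header = {0x50, 0x4B, 0x03, 0x04};

        Leaky leaky = new Leaky();
        System.out.println("leaky before write:    " + leaky.matches(header));
        leaky.getSignature()[0] = 0;    // external write lands in the object's own state
        System.out.println("leaky after write:     " + leaky.matches(header));

        Hardened hardened = new Hardened();
        hardened.getSignature()[0] = 0; // only the caller's copy changes
        System.out.println("hardened after write:  " + hardened.matches(header));
    }
}
```
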

[jira] Resolved: (SANDBOX-246) Findbugs reports

Posted by "Stefan Bodewig (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SANDBOX-246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Bodewig resolved SANDBOX-246.
------------------------------------

    Resolution: Fixed

With svn revision 743014 the only remaining issues are the "for future use" fields in JarArchiveEntry.

> Findbugs reports
> ----------------
>
>                 Key: SANDBOX-246
>                 URL: https://issues.apache.org/jira/browse/SANDBOX-246
>             Project: Commons Sandbox
>          Issue Type: Bug
>          Components: Compress
>            Reporter: Sebb
>            Assignee: Stefan Bodewig
>


[jira] Moved: (COMPRESS-20) Findbugs reports

Posted by "Dennis Lundberg (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/COMPRESS-20?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dennis Lundberg moved SANDBOX-246 to COMPRESS-20:
-------------------------------------------------

    Component/s:     (was: Compress)
            Key: COMPRESS-20  (was: SANDBOX-246)
        Project: Commons Compress  (was: Commons Sandbox)

> Findbugs reports
> ----------------
>
>                 Key: COMPRESS-20
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-20
>             Project: Commons Compress
>          Issue Type: Bug
>            Reporter: Sebb
>            Assignee: Stefan Bodewig
>


[jira] Updated: (COMPRESS-20) Findbugs reports

Posted by "Stefan Bodewig (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/COMPRESS-20?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Bodewig updated COMPRESS-20:
-----------------------------------

    Fix Version/s: 1.0

> Findbugs reports
> ----------------
>
>                 Key: COMPRESS-20
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-20
>             Project: Commons Compress
>          Issue Type: Bug
>            Reporter: Sebb
>            Assignee: Stefan Bodewig
>             Fix For: 1.0
>
>


[jira] Commented: (SANDBOX-246) Findbugs reports

Posted by "Stefan Bodewig (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SANDBOX-246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12670744#action_12670744 ] 

Stefan Bodewig commented on SANDBOX-246:
----------------------------------------

re-ran findbugs since some of the issues have been outdated.

In addition: 

ZipArchiveEntry clone may return null (this class doesn't exist in Ant)

TarInputStream and two methods in ZipFile ignore the result of InputStream.skip()

ArchiveStreamFactory createArchiveInputStream ignores result of InputStream read (not in Ant)

CpioArchiveEntry.setMode "forgets" to throw IllegalArgumentException (not in Ant)

redundant null check in CpioArchiveOutputStream.closeEntry (not in Ant)

JarArchiveEntry certificates and manifestattributes are never assigned to (not in Ant)

silly self-assignment of numToWrite in TarOutputStream write

JarArchiveEntry returns pointer to private array (not in Ant) as does UnrecognizedExtraField

some static byte[] in ZipOutputStream could be abused by subclasses, not fixed in Ant because of backwards compatibility issues.  Not sure whether it should be fixed in compress, will discuss on list.

CpioArchiveOutputStream synchronization of crc is inconsistent (not in Ant)

dead store to c in BZip2CompressorOutputStream med3

oddness-check in BZip2CompressorOutputStream sendMTFValues may fail for negative numbers

The problems that have also been in Ant's codebase have been fixed there in svn revision 741089 and merged over to compress in svn revision 741092.

the additional problems in cpio, JarArchive and ArchiveStreamFactory  have been addressed in svn revision 741095.

will close this, once we know what to do with the remaining issues.

> Findbugs reports
> ----------------
>
>                 Key: SANDBOX-246
>                 URL: https://issues.apache.org/jira/browse/SANDBOX-246
>             Project: Commons Sandbox
>          Issue Type: Bug
>          Components: Compress
>            Reporter: Sebb
>            Assignee: Stefan Bodewig
>

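
The ignored `InputStream.skip()` result listed in the comment above, as an added Java example that is not code from Commons Compress or Ant. `ShortSkipStream`, `skipFully` and the input bytes are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;

public class SkipFully {
    // Constructed stream that skips at most 3 bytes per call, which the
    // InputStream.skip() contract permits.
    static class ShortSkipStream extends FilterInputStream {
        ShortSkipStream(InputStream in) { super(in); }

        @Override
        public long skip(long n) throws IOException {
            return super.skip(Math.min(n, 3));
        }
    }

    // Loops until n bytes are consumed; throws if the stream ends first.
    static void skipFully(InputStream in, long n) throws IOException {
        while (n > 0) {
            long skipped = in.skip(n);
            if (skipped > 0) {
                n -= skipped;
            } else if (in.read() >= 0) {
                n--;    // skip() made no progress, but data remains
            } else {
                throw new EOFException(n + " bytes left to skip");
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: 8 padding bytes followed by the byte of interest.
        byte[] data = {0, 1, 2, 3, 4, 5, 6, 7, 'X'};

        InputStream naive = new ShortSkipStream(new ByteArrayInputStream(data));
        naive.skip(8);  // result ignored: the stream is left inside the padding
        System.out.println("ignoring skip() result, next byte: " + naive.read());

        InputStream checked = new ShortSkipStream(new ByteArrayInputStream(data));
        skipFully(checked, 8);
        System.out.println("skipFully(), next byte:            " + checked.read());
    }
}
```

In an archive reader the bytes after a short skip are parsed as if they were the next header, so the loop also needs the end-of-stream check to reject truncated input.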