commons-issues mailing list archives

From "Stefan Bodewig (JIRA)" <j...@apache.org>
Subject [jira] Commented: (SANDBOX-246) Findbugs reports
Date Thu, 05 Feb 2009 13:01:59 GMT

    [ https://issues.apache.org/jira/browse/SANDBOX-246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12670744#action_12670744 ]

Stefan Bodewig commented on SANDBOX-246:
----------------------------------------

re-ran findbugs since some of the issues have been outdated.

In addition: 

ZipArchiveEntry clone may return null (this class doesn't exist in Ant)

TarInputStream and two methods in ZipFile ignore the result of InputStream.skip()

ArchiveStreamFactory createArchiveInputStream ignores result of InputStream read (not in Ant)

CpioArchiveEntry.setMode "forgets" to throw IllegalArgumentException (not in Ant)

redundant null check in CpioArchiveOutputStream.closeEntry (not in Ant)

JarArchiveEntry certificates and manifestattributes are never assigned to (not in Ant)

silly self-assignment of numToWrite in TarOutputStream write

JarArchiveEntry returns pointer to private array (not in Ant) as does UnrecognizedExtraField

some static byte[] in ZipOutputStream could be abused by subclasses, not fixed in Ant because
of backwards compatibility issues.  Not sure whether it should be fixed in compress, will
discuss on list.

CpioArchiveOutputStream synchronization of crc is inconsistent (not in Ant)

dead store to c in BZip2CompressorOutputStream med3

oddness-check in BZip2CompressorOutputStream sendMTFValues may fail for negative numbers

The problems that have also been in Ant's codebase have been fixed there in svn revision 741089
and merged over to compress in svn revision 741092.

the additional problems in cpio, JarArchive and ArchiveStreamFactory  have been addressed
in svn revision 741095.

will close this, once we know what to do with the remaining issues.

> Findbugs reports
> ----------------
>
>                 Key: SANDBOX-246
>                 URL: https://issues.apache.org/jira/browse/SANDBOX-246
>             Project: Commons Sandbox
>          Issue Type: Bug
>          Components: Compress
>            Reporter: Sebb
>            Assignee: Stefan Bodewig
>
> TarEntry defines equals(TarEntry) method which does not override Object.equals() - is this intended?
> If so, maybe the method should be called something different such as isSame() to avoid confusion.
> BZip2Compressor and ZipArchive return a pointer to a private byte array, thus allowing external code to modify the contents of the final array.
> They should return a copy.
> BZip2OutputStream line 1302:   m_block[ m_zptr[ ( lo + hi ) >> 1 ] + d + 1 ] );
> Findbugs says:
> {quote}
> The code computes the average of two integers using either division or signed right shift, and then uses the result as the index of an array. If the values being averaged are very large, this can overflow (resulting in the computation of a negative average). Assuming that the result is intended to be nonnegative, you can use an unsigned right shift instead. In other words, rather than using (low+high)/2, use (low+high) >>> 1
> {quote}
> TarArchive line 74 may fail to close zInputStream
> The classes ZipShort, ZipLong and AsiExtraField implement Cloneable but do not define or use the clone method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
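
The ignored `InputStream.skip()` result reported for TarInputStream and ZipFile in the comment above, shown as an added example that is not code from Commons Compress or Ant. `ShortSkipStream` and `skipFully` are hypothetical names and the input bytes are constructed; an archive reader that ignores a short skip goes on to parse entry data as if it were the next header.

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class SkipFullyDemo {
    /** Constructed stream that skips at most 3 bytes per call, which the skip() contract allows. */
    static class ShortSkipStream extends FilterInputStream {
        ShortSkipStream(InputStream in) { super(in); }
        @Override public long skip(long n) throws IOException {
            return super.skip(Math.min(n, 3));
        }
    }

    /** Skips exactly n bytes or throws; never trusts a single skip() call. */
    static void skipFully(InputStream in, long n) throws IOException {
        while (n > 0) {
            long skipped = in.skip(n);
            if (skipped <= 0) {
                // skip() may return 0 without being at EOF; read() tells the two cases apart
                if (in.read() == -1) {
                    throw new EOFException("stream ended with " + n + " bytes left to skip");
                }
                skipped = 1;
            }
            n -= skipped;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: 8 bytes of entry data to skip, then the next header byte 'H'
        byte[] data = "PADDING_H".getBytes(StandardCharsets.US_ASCII);

        InputStream naive = new ShortSkipStream(new ByteArrayInputStream(data));
        naive.skip(8); // result ignored, so the reader is now misaligned inside the entry data
        System.out.println("ignored result -> next byte: " + (char) naive.read());

        InputStream checked = new ShortSkipStream(new ByteArrayInputStream(data));
        skipFully(checked, 8);
        System.out.println("skipFully      -> next byte: " + (char) checked.read());

        try { // a truncated archive must be rejected, not silently misparsed
            skipFully(new ShortSkipStream(new ByteArrayInputStream(data)), 100);
        } catch (EOFException e) {
            System.out.println("truncated input rejected: " + e.getMessage());
        }
    }
}
```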

