Observe that ExactMath delegates to Math after performing the necessary
additional Math calls.

Gary

On Wed, Feb 9, 2022, 08:12 Gilles Sadowski <[email protected]> wrote:

> Hello.
>
> Le mer. 9 févr. 2022 à 02:59, <[email protected]> a écrit :
> >
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > ggregory pushed a commit to branch master
> > in repository https://gitbox.apache.org/repos/asf/commons-compress.git
> >
> >
> > The following commit(s) were added to refs/heads/master by this push:
> >      new 666e787  Address CodeQL issues in pack200/unpack200 packages.
> > 666e787 is described below
> >
> > commit 666e787a17e4e7321b70e99e55acf27b6382ab17
> > Author: Gary Gregory <[email protected]>
> > AuthorDate: Tue Feb 8 20:59:31 2022 -0500
> >
> >     Address CodeQL issues in pack200/unpack200 packages.
> >
> >     Throw ArithmeticException instead of silently overflowing.
> > ---
> >  .../compress/archivers/cpio/CpioArchiveEntry.java  |  3 +-
> >  .../compress/harmony/pack200/BHSDCodec.java        |  6 ++-
> >  .../compress/harmony/pack200/FileBands.java        |  3 +-
> >  .../commons/compress/harmony/pack200/RunCodec.java |  8 ++--
> >  .../compress/harmony/unpack200/BandSet.java        |  3 +-
> >  .../apache/commons/compress/utils/ExactMath.java   | 44
> ++++++++++++++++++++++
> >  6 files changed, 59 insertions(+), 8 deletions(-)
> >
> > diff --git
> a/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveEntry.java
> b/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveEntry.java
> > index 57c77f5..5e5e7ad 100644
> > ---
> a/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveEntry.java
> > +++
> b/src/main/java/org/apache/commons/compress/archivers/cpio/CpioArchiveEntry.java
> > @@ -30,6 +30,7 @@ import java.util.Objects;
> >  import java.util.concurrent.TimeUnit;
> >
> >  import org.apache.commons.compress.archivers.ArchiveEntry;
> > +import org.apache.commons.compress.utils.ExactMath;
>
> Why is this class used rather than "Math.addExact"[1]?
> [If there is a reason, then the Javadoc of method "add(int,long)"
> should document the purpose and rationale of the odd signature
> (and its caveat that it can throw even for computations that would
> not overflow).]
>
> Regards,
> Gilles
>
> [1]
> https://docs.oracle.com/javase/8/docs/api/java/lang/Math.html#addExact-int-int-
>
> >
> >  /**
> >   * A cpio archive consists of a sequence of files. There are several
> types of
> > @@ -572,7 +573,7 @@ public class CpioArchiveEntry implements
> CpioConstants, ArchiveEntry {
> >          }
> >          int size = this.headerSize + 1; // Name has terminating null
> >          if (name != null) {
> > -            size += nameSize;
> > +            size = ExactMath.add(size, nameSize);
> >          }
> >          final int remain = size % this.alignmentBoundary;
> >          if (remain > 0) {
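Review bot: The checked add in `size = ExactMath.add(size, nameSize);` changes the failure mode from a silently wrapped size to an unchecked `ArithmeticException`, and nothing visible in this hunk documents that. If `nameSize` is populated from an archive header (not visible here), code that handles malformed input by catching `IOException` will not catch it. I would add `@throws ArithmeticException if the header size plus the name size overflows an int` to the enclosing method's Javadoc. It is also worth checking whether the padding arithmetic that follows `if (remain > 0) {` needs the same treatment. The method starts and ends outside the hunk.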
> > diff --git
> a/src/main/java/org/apache/commons/compress/harmony/pack200/BHSDCodec.java
> b/src/main/java/org/apache/commons/compress/harmony/pack200/BHSDCodec.java
> > index 8bd7020..5117481 100644
> > ---
> a/src/main/java/org/apache/commons/compress/harmony/pack200/BHSDCodec.java
> > +++
> b/src/main/java/org/apache/commons/compress/harmony/pack200/BHSDCodec.java
> > @@ -22,6 +22,8 @@ import java.io.InputStream;
> >  import java.util.ArrayList;
> >  import java.util.List;
> >
> > +import org.apache.commons.compress.utils.ExactMath;
> > +
> >  /**
> >   * A BHSD codec is a means of encoding integer values as a sequence of
> bytes or vice versa using a specified "BHSD"
> >   * encoding mechanism. It uses a variable-length encoding and a
> modified sign representation such that small numbers are
> > @@ -243,7 +245,7 @@ public final class BHSDCodec extends Codec {
> >                      band[i] -= cardinality;
> >                  }
> >                  while (band[i] < smallest) {
> > -                    band[i] += cardinality;
> > +                    band[i] = ExactMath.add(band[i], cardinality);
> >                  }
> >              }
> >          }
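Review bot: The subtraction two lines above the change, `band[i] -= cardinality;`, is still a compound assignment, so only the `+=` half of the normalisation loop is overflow-checked. If `cardinality` is a `long` (the `add(int, long)` signature suggests so, but the declaration is not visible), the subtraction result is still narrowed to `int` without any check. The same applies to the second BHSDCodec hunk, the three RunCodec hunks (`value -= cardinality;` and `band[i] -= cardinality;`) and the BandSet hunk. Either give the subtraction a checked counterpart, for example `band[i] = Math.toIntExact(Math.subtractExact((long) band[i], cardinality));`, or add a comment explaining why it cannot leave the int range. The enclosing methods start outside the hunks.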
> > @@ -260,7 +262,7 @@ public final class BHSDCodec extends Codec {
> >                      band[i] -= cardinality;
> >                  }
> >                  while (band[i] < smallest) {
> > -                    band[i] += cardinality;
> > +                    band[i] = ExactMath.add(band[i], cardinality);
> >                  }
> >              }
> >          }
> > diff --git
> a/src/main/java/org/apache/commons/compress/harmony/pack200/FileBands.java
> b/src/main/java/org/apache/commons/compress/harmony/pack200/FileBands.java
> > index 746b900..a394978 100644
> > ---
> a/src/main/java/org/apache/commons/compress/harmony/pack200/FileBands.java
> > +++
> b/src/main/java/org/apache/commons/compress/harmony/pack200/FileBands.java
> > @@ -25,6 +25,7 @@ import java.util.TimeZone;
> >
> >  import org.apache.commons.compress.harmony.pack200.Archive.PackingFile;
> >  import org.apache.commons.compress.harmony.pack200.Archive.SegmentUnit;
> > +import org.apache.commons.compress.utils.ExactMath;
> >  import org.objectweb.asm.ClassReader;
> >
> >  /**
> > @@ -86,7 +87,7 @@ public class FileBands extends BandSet {
> >              }
> >              final byte[] bytes = packingFile.getContents();
> >              file_size[i] = bytes.length;
> > -            totalSize += file_size[i];
> > +            totalSize = ExactMath.add(totalSize, file_size[i]);
> >
> >              // update modification time
> >              modtime = (packingFile.getModtime() +
> TimeZone.getDefault().getRawOffset()) / 1000L;
> > diff --git
> a/src/main/java/org/apache/commons/compress/harmony/pack200/RunCodec.java
> b/src/main/java/org/apache/commons/compress/harmony/pack200/RunCodec.java
> > index 41a07c3..f14b822 100644
> > ---
> a/src/main/java/org/apache/commons/compress/harmony/pack200/RunCodec.java
> > +++
> b/src/main/java/org/apache/commons/compress/harmony/pack200/RunCodec.java
> > @@ -20,6 +20,8 @@ import java.io.IOException;
> >  import java.io.InputStream;
> >  import java.util.Arrays;
> >
> > +import org.apache.commons.compress.utils.ExactMath;
> > +
> >  /**
> >   * A run codec is a grouping of two nested codecs; K values are decoded
> from the first codec, and the remaining codes
> >   * are decoded from the remaining codec. Note that since this codec
> maintains state, the instances are not reusable.
> > @@ -68,7 +70,7 @@ public class RunCodec extends Codec {
> >                      value -= cardinality;
> >                  }
> >                  while (value < bhsd.smallest()) {
> > -                    value += cardinality;
> > +                    value = ExactMath.add(value, cardinality);
> >                  }
> >              }
> >          }
> > @@ -98,7 +100,7 @@ public class RunCodec extends Codec {
> >                          band[i] -= cardinality;
> >                      }
> >                      while (band[i] < bhsd.smallest()) {
> > -                        band[i] += cardinality;
> > +                        band[i] = ExactMath.add(band[i], cardinality);
> >                      }
> >                  }
> >              }
> > @@ -117,7 +119,7 @@ public class RunCodec extends Codec {
> >                              band[i] -= cardinality;
> >                          }
> >                          while (band[i] < bhsd.smallest()) {
> > -                            band[i] += cardinality;
> > +                            band[i] = ExactMath.add(band[i],
> cardinality);
> >                          }
> >                      }
> >                  }
> > diff --git
> a/src/main/java/org/apache/commons/compress/harmony/unpack200/BandSet.java
> b/src/main/java/org/apache/commons/compress/harmony/unpack200/BandSet.java
> > index 5818623..55c26c0 100644
> > ---
> a/src/main/java/org/apache/commons/compress/harmony/unpack200/BandSet.java
> > +++
> b/src/main/java/org/apache/commons/compress/harmony/unpack200/BandSet.java
> > @@ -36,6 +36,7 @@ import
> org.apache.commons.compress.harmony.unpack200.bytecode.CPMethodRef;
> >  import
> org.apache.commons.compress.harmony.unpack200.bytecode.CPNameAndType;
> >  import org.apache.commons.compress.harmony.unpack200.bytecode.CPString;
> >  import org.apache.commons.compress.harmony.unpack200.bytecode.CPUTF8;
> > +import org.apache.commons.compress.utils.ExactMath;
> >
> >  /**
> >   * Abstract superclass for a set of bands
> > @@ -118,7 +119,7 @@ public abstract class BandSet {
> >                          band[i] -= cardinality;
> >                      }
> >                      while (band[i] < bhsd.smallest()) {
> > -                        band[i] += cardinality;
> > +                        band[i] = ExactMath.add(band[i], cardinality);
> >                      }
> >                  }
> >              }
> > diff --git
> a/src/main/java/org/apache/commons/compress/utils/ExactMath.java
> b/src/main/java/org/apache/commons/compress/utils/ExactMath.java
> > new file mode 100644
> > index 0000000..860aa0d
> > --- /dev/null
> > +++ b/src/main/java/org/apache/commons/compress/utils/ExactMath.java
> > @@ -0,0 +1,44 @@
> > +/*
> > + * Licensed to the Apache Software Foundation (ASF) under one
> > + * or more contributor license agreements.  See the NOTICE file
> > + * distributed with this work for additional information
> > + * regarding copyright ownership.  The ASF licenses this file
> > + * to you under the Apache License, Version 2.0 (the
> > + * "License"); you may not use this file except in compliance
> > + * with the License.  You may obtain a copy of the License at
> > + *
> > + * http://www.apache.org/licenses/LICENSE-2.0
> > + *
> > + * Unless required by applicable law or agreed to in writing,
> > + * software distributed under the License is distributed on an
> > + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> > + * KIND, either express or implied.  See the License for the
> > + * specific language governing permissions and limitations
> > + * under the License.
> > + */
> > +
> > +package org.apache.commons.compress.utils;
> > +
> > +/**
> > + * PRIVATE.
> > + *
> > + * Performs exact math through {@link Math} "exact" APIs.
> > + */
> > +public class ExactMath {
> > +
> > +    private ExactMath() {
> > +        // no instances
> > +    }
> > +
> > +    /**
> > +     * Adds two values and throws an exception on overflow.
> > +     *
> > +     * @param intValue the first value.
> > +     * @param longValue the second value.
> > +     * @return addition of both values.
> > +     * @throws ArithmeticException when there is an overflow.
> > +     */
> > +    public static int add(final int intValue, final long longValue) {
> > +        return Math.addExact(intValue, Math.toIntExact(longValue));
> > +    }
> > +}
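Review bot: The class Javadoc says `PRIVATE.`, but the class is declared `public` and non-final in `org.apache.commons.compress.utils`, so nothing stops library users from depending on it. I would declare it `public final class ExactMath` and spell the status out in the Javadoc, e.g. `Internal use only; not part of the public API and may change without notice.` An `@since` tag would also help if the project's conventions call for one on new public types.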
>