[ 
https://issues.apache.org/jira/browse/SANDBOX-246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12670744#action_12670744
 ] 

Stefan Bodewig commented on SANDBOX-246:
----------------------------------------

re-ran findbugs since some of the issues have been outdated.

In addition: 

ZipArchiveEntry clone may return null (this class doesn't exist in Ant)

TarInputStream and two methods in ZipFile ignore the result of 
InputStream.skip()

ArchiveStreamFactory createArchiveInputStream ignores result of InputStream 
read (not in Ant)

CpioArchiveEntry.setMode "forgets" to throw IllegalArgumentException (not in 
Ant)

redundant null check in CpioArchiveOutputStream.closeEntry (not in Ant)

JarArchiveEntry certificates and manifestattributes are never assigned to (not 
in Ant)

silly self-assignment of numToWrite in TarOutputStream write

JarArchiveEntry returns pointer to private array (not in Ant) as does 
UnrecognizedExtraField

some static byte[] in ZipOutputStream could be abused by subclasses, not fixed 
in Ant because of backwards compatibility issues.  Not sure whether it should 
be fixed in compress, will discuss on list.

CpioArchiveOutputStream synchronization of crc is inconsistent (not in Ant)

dead store to c in BZip2CompressorOutputStream med3

oddness-check in BZip2CompressorOutputStream sendMTFValues may fail for 
negative numbers

The problems that have also been in Ant's codebase have been fixed there in svn 
revision 741089 and merged over to compress in svn revision 741092.

the additional problems in cpio, JarArchive and ArchiveStreamFactory  have been 
addressed in svn revision 741095.

will close this, once we know what to do with the remaining issues.

> Findbugs reports
> ----------------
>
>                 Key: SANDBOX-246
>                 URL: https://issues.apache.org/jira/browse/SANDBOX-246
>             Project: Commons Sandbox
>          Issue Type: Bug
>          Components: Compress
>            Reporter: Sebb
>            Assignee: Stefan Bodewig
>
> TarEntry defines equals(TarEntry) method which does not override 
> Object.equals() - is this intended?
> If so, maybe the method should be called something different such as isSame() 
> to avoid confusion.
> BZip2Compressor and ZipArchive return a pointer to a private byte array, thus 
> allowing external code to modify the contents of the final array.
> They should return a copy.
> BZip2OutputStream line 1302:   m_block[ m_zptr[ ( lo + hi ) >> 1 ] + d + 1 ] 
> );
> Findbugs says:
> {quote}
> The code computes the average of two integers using either division or signed 
> right shift, and then uses the result as the index of an array. If the values 
> being averaged are very large, this can overflow (resulting in the 
> computation of a negative average). Assuming that the result is intended to 
> be nonnegative, you can use an unsigned right shift instead. In other words, 
> rather than using (low+high)/2, use (low+high) >>> 1 
> {quote}
> TarArchive line 74 may fail to close zInputStream
> The classes ZipShort, ZipLong and AsiExtraField implement Cloneable but do 
> not define or use the clone method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
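
The ignored InputStream.skip() result reported above for TarInputStream and ZipFile, as an added example that is not part of the original message and is not Commons Compress or Ant code. ShortSkipStream, skipFully, sample and field are hypothetical names, and the 12-byte record is constructed. The unchecked call leaves the reader inside the padding, so the next field is parsed from the wrong offset.

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class SkipFullyDemo {
    // Constructed stream: skips at most 3 bytes per call, which the skip() contract allows.
    static class ShortSkipStream extends FilterInputStream {
        ShortSkipStream(InputStream in) { super(in); }
        @Override public long skip(long n) throws IOException { return super.skip(Math.min(n, 3)); }
    }

    // Skips exactly n bytes or throws; falls back to read() when skip() makes no progress.
    static void skipFully(InputStream in, long n) throws IOException {
        while (n > 0) {
            long skipped = in.skip(n);
            if (skipped > 0) {
                n -= skipped;
            } else if (in.read() >= 0) {
                n--;
            } else {
                throw new EOFException(n + " bytes left to skip at end of stream");
            }
        }
    }

    // Constructed record: 8 bytes of padding followed by the 4-byte field "DATA".
    static InputStream sample() {
        byte[] record = "PADDING!DATA".getBytes(StandardCharsets.US_ASCII);
        return new ShortSkipStream(new ByteArrayInputStream(record));
    }

    // Reads the 4-byte field that follows the padding (readNBytes needs Java 11+).
    static String field(InputStream in) throws IOException {
        return new String(in.readNBytes(4), StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws IOException {
        InputStream unchecked = sample();
        unchecked.skip(8);              // result ignored: only 3 bytes were skipped
        System.out.println("ignored skip(): " + field(unchecked));
        InputStream checked = sample();
        skipFully(checked, 8);          // loops until all 8 bytes are consumed
        System.out.println("skipFully():    " + field(checked));
    }
}
```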
