This is an automated email from the ASF dual-hosted git repository. ggregory pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-io.git
The following commit(s) were added to refs/heads/master by this push: new 74c562eb Fix warnings: Implicit narrowing conversion in compound assignment 74c562eb is described below commit 74c562eb855b8dfc3972a92d56490b07435f4717 Author: Gary Gregory <garydgreg...@gmail.com> AuthorDate: Wed Oct 11 09:14:28 2023 -0400 Fix warnings: Implicit narrowing conversion in compound assignment - (int count - int pos) here is always an int so amount is also in the int range if the above test is true. - We can safely cast and avoid static analysis warnings: "Implicit narrowing conversion in compound assignment" - https://github.com/apache/commons-io/security/code-scanning/135 - https://github.com/apache/commons-io/security/code-scanning/88 --- .../commons/io/input/UnsynchronizedBufferedInputStream.java | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/apache/commons/io/input/UnsynchronizedBufferedInputStream.java b/src/main/java/org/apache/commons/io/input/UnsynchronizedBufferedInputStream.java index 71a18411..da2d132c 100644 --- a/src/main/java/org/apache/commons/io/input/UnsynchronizedBufferedInputStream.java +++ b/src/main/java/org/apache/commons/io/input/UnsynchronizedBufferedInputStream.java @@ -397,10 +397,12 @@ public final class UnsynchronizedBufferedInputStream extends UnsynchronizedFilte } if (count - pos >= amount) { - pos += amount; + // (int count - int pos) here is always an int so amount is also in the int range if the above test is true. + // We can safely cast to int and avoid static analysis warnings. + pos += (int) amount; return amount; } - long read = count - pos; + int read = count - pos; pos = count; if (markPos != IOUtils.EOF && amount <= markLimit) { 
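Review bot: The new comment above `pos += (int) amount;` only argues the upper bound: `count - pos >= amount` caps `amount` at an int-sized value, but a negative `amount` also satisfies that test. The cast is therefore safe only if non-positive values are rejected earlier in the method, presumably by a guard outside this hunk. If that is the case, the comment should say so, e.g. `// amount >= 1 was checked on entry and amount <= count - pos here, so it fits in an int.` Since `pos` is a buffer index, `pos += Math.toIntExact(amount);` would be a checked alternative that throws instead of silently truncating if the invariant ever breaks. The enclosing method starts and ends outside the hunk.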
@@ -408,7 +410,9 @@ public final class UnsynchronizedBufferedInputStream extends UnsynchronizedFilte
 return read;
 }
 if (count - pos >= amount - read) {
- pos += amount - read;
+ // (int count - int pos) here is always an int so (amount - read) is also in the int range if the above test is true.
+ // We can safely cast to int and avoid static analysis warnings.
+ pos += ((int) amount) - read;
 return amount;
 }
 // Couldn't get all the bytes, skip what we read
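Review bot: In `pos += ((int) amount) - read;` the cast is applied to `amount` alone, whereas the comment above it and the guard `count - pos >= amount - read` only establish that the difference `amount - read` fits in an int. Casting the difference, `pos += (int) (amount - read);`, matches the stated reasoning and does not rely on `amount` itself being int-sized. As written, the line appears to depend on the enclosing `amount <= markLimit` test from the previous hunk, and the type of `markLimit` is not visible here. The surrounding method continues outside the hunk.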