This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-io.git

commit 92cf5613f9ad171df8d6c150e920e09286fa20e3
Author: Gary Gregory <garydgreg...@gmail.com>
AuthorDate: Wed Oct 11 09:21:58 2023 -0400

    Fix CodeQL warnings in UnsynchronizedBufferedInputStream: Implicit
    narrowing conversion in compound assignment.
    
    - (int count - int pos) here is always an int so amount is also in the
    int range if the above test is true.
    - We can safely cast and avoid static analysis warnings: "Implicit
    narrowing conversion in compound assignment"
    - https://github.com/apache/commons-io/security/code-scanning/135
    - https://github.com/apache/commons-io/security/code-scanning/88
---
 src/changes/changes.xml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 2de04467..8fe3234e 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -94,6 +94,9 @@ The <action> type attribute can be add,update,fix,remove.
       <action dev="ggregory" type="fix" due-to="sebbASF">
         [Javadoc] IOUtils#contentEquals does not throw NullPointerException 
#496.
       </action>
+      <action dev="ggregory" type="fix" due-to="Gary Gregory">
+        Fix CodeQL warnings in UnsynchronizedBufferedInputStream: Implicit 
narrowing conversion in compound assignment.
+      </action>
       <!-- ADD -->
       <action dev="ggregory" type="add" due-to="Gary Gregory">
         Add org.apache.commons.io.channels.FileChannels.
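Review bot: The added `<action>` entry in the fix block records a change to UnsynchronizedBufferedInputStream, but this commit touches only src/changes/changes.xml (1 file changed, 3 insertions). The cast that the commit message justifies ("amount is also in the int range if the above test is true") is therefore not visible here and cannot be checked against its range test. Consider landing the changelog line in the same commit as the source change, or naming that commit in the message. The entry also omits the two code-scanning alerts (135 and 88) that the message links, whereas the neighbouring entry carries its reference (#496). Adding them to the action text would let a reader of the release notes trace the fix back to the warnings.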
