https://issues.apache.org/bugzilla/show_bug.cgi?id=55938
--- Comment #3 from Konstantin Kolinko <knst.koli...@gmail.com> --- Thank you. An obvious "Dead assignment" issue in ssl.c fixed with r1607271. Two "Dereference of null pointer" issues in ssl.c fixed with r1607278. A "Dead assignment" issue in Socket.sendto() (network.c) fixed with r1607296. The fixes will be in TCNative 1.1.31 Two "Dead assignment" bugs in File.writeFull(), File.write() (file.c): - I think the fix should be on the Java side to remove "-1" as allowed value for size in Javadoc for these methods, and also in File.read() and others. - The unused GetArrayLength() calls can be removed from C code. Motivation: 1). The code does not work, and nobody complained. 2). It is easy to measure array length in Java. There is no need for this feature. 3). While is is easy to fix the assignment (it should assign to "nbytes" variable), the code is wrong and dangerous. It shall subtract "offset" from the array length, as "offset" can be non-zero. "Dead assignment" in SSL_callback_SSL_verify (sslutils.c) is some TODO code. No issue. "Argument with 'nonnull' attribute passed null" issues in Pool.dataGet(), Pool.dataSet() (pool.c) shall be taken care in Java code by never passing null as the value of "key". No issues here. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
