[jboss-jira] [JBoss JIRA] (ELY-946) Coverity static analysis, suspicious bitwise logical expression, DigestUtil (Elytron)
Ilia Vassilev (JIRA)
issues at jboss.org
Mon Feb 13 15:57:00 EST 2017
[ https://issues.jboss.org/browse/ELY-946?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ilia Vassilev moved WFLY-8097 to ELY-946:
-----------------------------------------
Project: WildFly Elytron (was: WildFly)
Key: ELY-946 (was: WFLY-8097)
Component/s: SASL
(was: Security)
> Coverity static analysis, suspicious bitwise logical expression, DigestUtil (Elytron)
> -------------------------------------------------------------------------------------
>
> Key: ELY-946
> URL: https://issues.jboss.org/browse/ELY-946
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SASL
> Reporter: Martin Choma
> Assignee: Ilia Vassilev
> Priority: Critical
>
> Coverity found a suspicious logical operation: https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=9563899&defectInstanceId=2359232&mergedDefectId=1377462
> See the detailed description of the possible problem in [1].
> If I extend DigestUtilTest#testDecodeByteOrderedInteger with the case from [1], the test fails:
> {code}
> byte[] inputFF = CodePointIterator.ofString("000000FF").hexDecode().drain();
> assertEquals(0xFF, decodeByteOrderedInteger(inputFF, 0, 4));
> {code}
> If I change the decodeByteOrderedInteger implementation according to [1], all tests pass.
> {code}
> result |= (buf[offset + i] & 0xff);
> {code}
> [1] http://findbugs.sourceforge.net/bugDescriptions.html#BIT_IOR_OF_SIGNED_BYTE
> Setting to high priority, because correct behavior of SASL Digest mechanism could be impacted.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
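Added example, not part of the original message and not Elytron's code: a stand-alone Java comparison of a big-endian decode loop with and without the `& 0xff` mask quoted in the issue. The method names `decodeUnmasked` and `decodeMasked`, the shift-and-OR loop shape, and the sample inputs are assumptions made for illustration; only the masked OR line and the `000000FF` case come from the issue.

```java
public class SignedByteOrDemo {

    // Assumed shape of the flagged loop: the byte is OR-ed in without a mask.
    // Java widens the byte to int with sign extension, so any byte >= 0x80
    // becomes 0xFFFFFFxx and sets every higher-order bit of the result.
    static int decodeUnmasked(byte[] buf, int offset, int len) {
        int result = 0;
        for (int i = 0; i < len; i++) {
            result <<= 8;
            result |= buf[offset + i];
        }
        return result;
    }

    // Same loop with the mask from the issue: & 0xff keeps only the low
    // eight bits after widening, so the byte is treated as unsigned.
    static int decodeMasked(byte[] buf, int offset, int len) {
        int result = 0;
        for (int i = 0; i < len; i++) {
            result <<= 8;
            result |= (buf[offset + i] & 0xff);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed inputs: 4-byte big-endian integers. The second row is
        // the 000000FF case from the issue; the last two place a high-bit
        // byte in the middle, where earlier bytes get overwritten.
        byte[][] samples = {
            {0x00, 0x00, 0x00, 0x7F},
            {0x00, 0x00, 0x00, (byte) 0xFF},
            {0x00, 0x01, (byte) 0x80, 0x00},
            {0x12, (byte) 0x80, 0x34, 0x56},
        };
        for (byte[] s : samples) {
            int unmasked = decodeUnmasked(s, 0, 4);
            int masked = decodeMasked(s, 0, 4);
            System.out.printf("%02X%02X%02X%02X unmasked=0x%08X masked=0x%08X %s%n",
                    s[0], s[1], s[2], s[3], unmasked, masked,
                    unmasked == masked ? "same" : "DIFFERENT");
        }
    }
}
```

Inputs whose bytes are all below 0x80 decode identically in both versions, which is why a test suite without a high-bit byte does not catch the defect.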