[fix][sec] implicit narrowing conversion in compound assignment #22074

Merged
merged 2 commits into from
Mar 29, 2024

liangyepianzhou
Contributor

Fix https://github.com/apache/pulsar/security/code-scanning/20, https://github.com/apache/pulsar/security/code-scanning/7

Motivation

The implicit casting of source type double/long to narrower destination type int can result in information loss and numeric errors such as overflows.

Modifications

Ensure that the type of the left-hand side of the compound assignment statement is at least as wide as the type of the right-hand side.

Verifying this change

  • Make sure that the change passes the CI checks.

(Please pick either of the following options)

This change is a trivial rework / code cleanup without any test coverage.

(or)

This change is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(example:)

  • Added integration tests for end-to-end deployment with large payloads (10MB)
  • Extended integration test for recovery after broker failure

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

  • Dependencies (add or upgrade a dependency)
  • The public API
  • The schema
  • The default values of configurations
  • The threading model
  • The binary protocol
  • The REST endpoints
  • The admin CLI options
  • The metrics
  • Anything that affects deployment

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

Matching PR in forked repository

PR in forked repository:
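
Added example, not part of the pull request or the Pulsar code base: the narrowing that a compound assignment performs silently, next to the widened left-hand side described under Modifications and a checked narrowing for callers that still need an `int`. All class, method and variable names are hypothetical, and the input values are constructed.

```java
// Added illustration: class, method and variable names are hypothetical,
// not taken from the Pulsar code base.
public class NarrowingCompoundAssignment {

    // Flagged pattern: int on the left, long on the right.
    // Per JLS 15.26.2, "total += d" means "total = (int) (total + d)".
    static int sumNarrow(long[] deltas) {
        int total = 0;
        for (long d : deltas) {
            total += d; // compiles cleanly; the high 32 bits are dropped
        }
        return total;
    }

    // Fix in the style of this PR: widen the left-hand side.
    static long sumWide(long[] deltas) {
        long total = 0;
        for (long d : deltas) {
            total += d;
        }
        return total;
    }

    // Same pattern with double: the fraction is discarded on every step.
    static int scaleNarrow(int value, double factor, int steps) {
        for (int i = 0; i < steps; i++) {
            value *= factor; // value = (int) (value * factor)
        }
        return value;
    }

    // If an int is required downstream, narrow once, explicitly and checked.
    static int toIntChecked(long total) {
        return Math.toIntExact(total); // throws ArithmeticException on overflow
    }

    public static void main(String[] args) {
        long[] deltas = {2_000_000_000L, 2_000_000_000L}; // constructed input
        System.out.println("int accumulator:  " + sumNarrow(deltas));
        System.out.println("long accumulator: " + sumWide(deltas));
        System.out.println("int *= 1.5, 3x:   " + scaleNarrow(10, 1.5, 3));
        try {
            toIntChecked(sumWide(deltas));
        } catch (ArithmeticException e) {
            System.out.println("checked narrowing rejected: " + e.getMessage());
        }
    }
}
```

`javac` accepts both compound forms without a diagnostic, whereas the expanded form `total = total + d` with an `int` `total` is rejected as a possible lossy conversion, so this pattern has to be caught by static analysis or review.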

@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Feb 20, 2024
@liangyepianzhou liangyepianzhou merged commit 0701d7e into apache:master Mar 29, 2024
70 of 72 checks passed
@liangyepianzhou liangyepianzhou deleted the narrowing_conversion branch March 29, 2024 04:43
Technoboy- pushed a commit to Technoboy-/pulsar that referenced this pull request Apr 1, 2024
Labels
doc-not-needed Your PR changes do not impact docs ready-to-test
4 participants