Coverity Scan
Hi, I would like to update the coverity scan report. As the previous one was based on Tomcat 8 (back in the time it was trunk) I think to base the scan again on Tomcat 8. Wdyt? Regards, Violeta
New Coverity Scan
Hi, I uploaded new scan [1] (against Tomcat 8 trunk). Regards, Violeta [1] https://scan.coverity.com/projects/apache-tomcat
Re: Coverity Scan
Hi, 2015-01-22 12:13 GMT+02:00 Violeta Georgieva : > > > > 2015-01-22 9:02 GMT+02:00 Violeta Georgieva : > > > > Hi, > > > > I would like to update the coverity scan report. > > As the previous one was based on Tomcat 8 (back in the time it was trunk) I think to base the scan again on Tomcat 8. > > > > Wdyt? > > Scan updated. I uploaded a new scan. https://scan.coverity.com/projects/2780 Regards, Violeta > > Regards, > > Violeta
Re: Coverity Scan
2015-04-21 17:26 GMT+03:00 Violeta Georgieva : > > Hi, > > > 2015-01-22 12:13 GMT+02:00 Violeta Georgieva : > > > > > > > > 2015-01-22 9:02 GMT+02:00 Violeta Georgieva : > > > > > > Hi, > > > > > > I would like to update the coverity scan report. > > > As the previous one was based on Tomcat 8 (back in the time it was trunk) I think to base the scan again on Tomcat 8. > > > > > > Wdyt? > > > > Scan updated. > > I uploaded a new scan. It is based on the currrent Tomcat 8 trunk. > > https://scan.coverity.com/projects/2780 > > Regards, > Violeta > > > > Regards, > > > Violeta
Re: Coverity Scan
Am 22. Januar 2015 08:02:47 MEZ, schrieb Violeta Georgieva : >Hi, > >I would like to update the coverity scan report. >As the previous one was based on Tomcat 8 (back in the time it was >trunk) I >think to base the scan again on Tomcat 8. > >Wdyt? +1 Felix > >Regards, >Violeta - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Coverity Scan
2015-01-22 10:02 GMT+03:00 Violeta Georgieva : > Hi, > > I would like to update the coverity scan report. > As the previous one was based on Tomcat 8 (back in the time it was trunk) I > think to base the scan again on Tomcat 8. > > Wdyt? +1 Two notes: 1) A project at coverity is linked to a GitHub repository. Currently it is configured to use https://github.com/apache/tomcat but for Tomcat 8 one needs to use https://github.com/apache/tomcat80 It may be that the URL is only used for summary information to describe the project. In that case it can be left as is. If that URL is actually used for analysis, one would have to change it. (+1 for the change if it is needed). 2) Looking at "Upload a Project Build" form, it expects a tarball created by "Coverity Scan Self-Build tool". I have never tried to create one. YMMV. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Coverity Scan
2015-01-22 10:48 GMT+02:00 Konstantin Kolinko : > > 2015-01-22 10:02 GMT+03:00 Violeta Georgieva : > > Hi, > > > > I would like to update the coverity scan report. > > As the previous one was based on Tomcat 8 (back in the time it was trunk) I > > think to base the scan again on Tomcat 8. > > > > Wdyt? > > +1 > > Two notes: > > 1) A project at coverity is linked to a GitHub repository. > > Currently it is configured to use https://github.com/apache/tomcat > but for Tomcat 8 one needs to use https://github.com/apache/tomcat80 > > It may be that the URL is only used for summary information to > describe the project. In that case it can be left as is. > > If that URL is actually used for analysis, one would have to change > it. (+1 for the change if it is needed). Ok I'll check that > 2) Looking at "Upload a Project Build" form, it expects a tarball > created by "Coverity Scan Self-Build tool". I have never tried to > create one. YMMV. I've done this before for other projects. > > Best regards, > Konstantin Kolinko > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org >
Re: Coverity Scan
On 22/01/2015 07:02, Violeta Georgieva wrote: > Hi, > > I would like to update the coverity scan report. > As the previous one was based on Tomcat 8 (back in the time it was trunk) I > think to base the scan again on Tomcat 8. > > Wdyt? +1. Is it worth having separate scans for 8.0.x and trunk? I know there will be a large amount of overlap but they are starting to diverge. Just a thought... Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Coverity Scan
2015-01-22 9:02 GMT+02:00 Violeta Georgieva : > > Hi, > > I would like to update the coverity scan report. > As the previous one was based on Tomcat 8 (back in the time it was trunk) I think to base the scan again on Tomcat 8. > > Wdyt? Scan updated. > Regards, > Violeta
[tomcat] 02/02: Consistent synchronisation - reported by Coverity scan
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 7061d6ffdd91ebc31fcdae58cfe878f392e0c300
Author: Mark Thomas
AuthorDate: Mon Aug 14 16:53:20 2023 +0100
Consistent synchronisation - reported by Coverity scan
---
java/org/apache/catalina/core/StandardContext.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/core/StandardContext.java
b/java/org/apache/catalina/core/StandardContext.java
index de33471e5f..d1bcbead6c 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -4338,7 +4338,9 @@ public class StandardContext extends ContainerBase
implements Context, Notificat
* @return the filter config object
*/
public FilterConfig findFilterConfig(String name) {
-return filterConfigs.get(name);
+synchronized (filterDefs) {
+return filterConfigs.get(name);
+}
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Simplify code. Identified by Coverity Scan.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 3d996c7 Simplify code. Identified by Coverity Scan.
3d996c7 is described below
commit 3d996c769ea6fbed0f44bf5fdee8edaeaa4d3c5a
Author: Mark Thomas
AuthorDate: Wed May 22 15:34:12 2019 +0100
Simplify code. Identified by Coverity Scan.
---
java/org/apache/jasper/compiler/JspUtil.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/org/apache/jasper/compiler/JspUtil.java
b/java/org/apache/jasper/compiler/JspUtil.java
index a3411bd..96bd538 100644
--- a/java/org/apache/jasper/compiler/JspUtil.java
+++ b/java/org/apache/jasper/compiler/JspUtil.java
@@ -296,7 +296,7 @@ public class JspUtil {
c = double.class;
} else if ("void".equals(type)) {
c = void.class;
-} else if (type.indexOf('[') < 0) {
+} else {
c = loader.loadClass(type);
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Consistent synchronisation - reported by Coverity scan
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3b1ded20da Consistent synchronisation - reported by Coverity scan
3b1ded20da is described below
commit 3b1ded20dab9b2cd59d7d540afcb9b4c2d17a753
Author: Mark Thomas
AuthorDate: Mon Aug 14 16:53:20 2023 +0100
Consistent synchronisation - reported by Coverity scan
---
java/org/apache/catalina/core/StandardContext.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/core/StandardContext.java
b/java/org/apache/catalina/core/StandardContext.java
index 9ed5ce6e4b..1cc45173b3 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -4290,7 +4290,9 @@ public class StandardContext extends ContainerBase
implements Context, Notificat
* @return the filter config object
*/
public FilterConfig findFilterConfig(String name) {
-return filterConfigs.get(name);
+synchronized (filterDefs) {
+return filterConfigs.get(name);
+}
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Avoid possible NPE reported by Coverity scan
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 1488552 Avoid possible NPE reported by Coverity scan
1488552 is described below
commit 1488552190f3272ab1c57baa4ed34e3e1f84e6c9
Author: Mark Thomas
AuthorDate: Sat May 4 13:47:12 2019 +0100
Avoid possible NPE reported by Coverity scan
---
java/org/apache/catalina/realm/JAASCallbackHandler.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/realm/JAASCallbackHandler.java
b/java/org/apache/catalina/realm/JAASCallbackHandler.java
index 3b439ce..407414e 100644
--- a/java/org/apache/catalina/realm/JAASCallbackHandler.java
+++ b/java/org/apache/catalina/realm/JAASCallbackHandler.java
@@ -90,7 +90,7 @@ public class JAASCallbackHandler implements CallbackHandler {
this.realm = realm;
this.username = username;
-if (realm.hasMessageDigest()) {
+if (password != null && realm.hasMessageDigest()) {
this.password = realm.getCredentialHandler().mutate(password);
}
else {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Fix logic bug spotted by Coverity Scan
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new bee714eb1d Fix logic bug spotted by Coverity Scan
bee714eb1d is described below
commit bee714eb1dabfcc07bf410e1145f6c580f14539d
Author: Mark Thomas
AuthorDate: Mon Jan 15 10:11:59 2024 +
Fix logic bug spotted by Coverity Scan
---
.../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 2 +-
webapps/docs/changelog.xml | 5 +
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index 89617c9cfb..bd06630f01 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -116,7 +116,7 @@ public class ServiceBindingPropertySource implements
IntrospectionUtils.Property
int length = bytes.length;
if (chomp) {
-if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
2] == '\n') {
+if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
1] == '\n') {
length -= 2;
} else if (length > 0) {
byte c = bytes[length - 1];
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6e9ffb917c..aa7fce0034 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -120,6 +120,11 @@
that is no longer included in the JAR. Based on pull request
684 by Jendrik Johannes. (markt)
+
+Fix ServiceBindingPropertySource so that trailing \r\n
+sequences are correctly removed from files containing property values
+when configured to do so. Bug identified by Coverity Scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Consistent synchronisation - reported by Coverity scan
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 99decc6841 Consistent synchronisation - reported by Coverity scan
99decc6841 is described below
commit 99decc684174f095adde96311a3a46a0aa78af88
Author: Mark Thomas
AuthorDate: Mon Aug 14 16:53:20 2023 +0100
Consistent synchronisation - reported by Coverity scan
---
java/org/apache/catalina/core/StandardContext.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/core/StandardContext.java
b/java/org/apache/catalina/core/StandardContext.java
index 6d76f8987c..95dd7dd90b 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -4319,7 +4319,9 @@ public class StandardContext extends ContainerBase
implements Context, Notificat
* @return the filter config object
*/
public FilterConfig findFilterConfig(String name) {
-return filterConfigs.get(name);
+synchronized (filterDefs) {
+return filterConfigs.get(name);
+}
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Consistent synchronisation - reported by Coverity scan
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new e25e7fd2ba Consistent synchronisation - reported by Coverity scan
e25e7fd2ba is described below
commit e25e7fd2bab2cd2373400c06e5959c657d05a7ab
Author: Mark Thomas
AuthorDate: Mon Aug 14 16:53:20 2023 +0100
Consistent synchronisation - reported by Coverity scan
---
java/org/apache/catalina/core/StandardContext.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/catalina/core/StandardContext.java
b/java/org/apache/catalina/core/StandardContext.java
index d621fe7d45..f141c0b5da 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -4359,7 +4359,9 @@ public class StandardContext extends ContainerBase
implements Context, Notificat
* @return the filter config object
*/
public FilterConfig findFilterConfig(String name) {
-return filterConfigs.get(name);
+synchronized (filterDefs) {
+return filterConfigs.get(name);
+}
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Fix rare potential NPE identified by Coverity Scan.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 0483c93 Fix rare potential NPE identified by Coverity Scan.
0483c93 is described below
commit 0483c93ddd4ab0ac7742e154d1e1e1b3c4475f6c
Author: Mark Thomas
AuthorDate: Fri May 17 18:05:46 2019 +0100
Fix rare potential NPE identified by Coverity Scan.
---
java/org/apache/catalina/connector/CoyoteAdapter.java | 6 --
webapps/docs/changelog.xml| 4
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java
b/java/org/apache/catalina/connector/CoyoteAdapter.java
index fb4c236..de572e6 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -816,7 +816,7 @@ public class CoyoteAdapter implements Adapter {
if (wrapper != null) {
String[] methods = wrapper.getServletMethods();
if (methods != null) {
-for (int i=0; i
+
+Avoid potential NullPointerException when generating an
+HTTP Allow header. Identified by Coverity Scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Fix logic bug spotted by Coverity Scan
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 2f791cfeae Fix logic bug spotted by Coverity Scan
2f791cfeae is described below
commit 2f791cfeae3178ad786118862df1af2a6c32ea71
Author: Mark Thomas
AuthorDate: Mon Jan 15 10:11:59 2024 +
Fix logic bug spotted by Coverity Scan
---
.../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 2 +-
webapps/docs/changelog.xml | 5 +
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index a96e5d8285..997ce354db 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -139,7 +139,7 @@ public class ServiceBindingPropertySource implements
IntrospectionUtils.SecurePr
int length = bytes.length;
if (chomp) {
-if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
2] == '\n') {
+if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
1] == '\n') {
length -= 2;
} else if (length > 0) {
byte c = bytes[length - 1];
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a509a06dc1..52b5650875 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,11 @@
that is no longer included in the JAR. Based on pull request
684 by Jendrik Johannes. (markt)
+
+Fix ServiceBindingPropertySource so that trailing \r\n
+sequences are correctly removed from files containing property values
+when configured to do so. Bug identified by Coverity Scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Fix logic bug spotted by Coverity Scan
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new e087a29cd4 Fix logic bug spotted by Coverity Scan
e087a29cd4 is described below
commit e087a29cd4e69f1edb838e5a117b4713288c39f3
Author: Mark Thomas
AuthorDate: Mon Jan 15 10:11:59 2024 +
Fix logic bug spotted by Coverity Scan
---
.../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 2 +-
webapps/docs/changelog.xml | 5 +
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index a96e5d8285..997ce354db 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -139,7 +139,7 @@ public class ServiceBindingPropertySource implements
IntrospectionUtils.SecurePr
int length = bytes.length;
if (chomp) {
-if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
2] == '\n') {
+if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
1] == '\n') {
length -= 2;
} else if (length > 0) {
byte c = bytes[length - 1];
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c5803e3d2f..4f6ead9029 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,11 @@
that is no longer included in the JAR. Based on pull request
684 by Jendrik Johannes. (markt)
+
+Fix ServiceBindingPropertySource so that trailing \r\n
+sequences are correctly removed from files containing property values
+when configured to do so. Bug identified by Coverity Scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 8.5.x updated: Fix logic bug spotted by Coverity Scan
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 5a2e706b92 Fix logic bug spotted by Coverity Scan
5a2e706b92 is described below
commit 5a2e706b92aa0921268fee9f1b0bdf9b38ebfe62
Author: Mark Thomas
AuthorDate: Mon Jan 15 10:11:59 2024 +
Fix logic bug spotted by Coverity Scan
---
.../tomcat/util/digester/ServiceBindingPropertySource.java | 2 +-
webapps/docs/changelog.xml | 9 +
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index a96e5d8285..997ce354db 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -139,7 +139,7 @@ public class ServiceBindingPropertySource implements
IntrospectionUtils.SecurePr
int length = bytes.length;
if (chomp) {
-if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
2] == '\n') {
+if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
1] == '\n') {
length -= 2;
} else if (length > 0) {
byte c = bytes[length - 1];
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0a27c6b585..58b47a91fe 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
+
+
+
+Fix ServiceBindingPropertySource so that trailing \r\n
+sequences are correctly removed from files containing property values
+when configured to do so. Bug identified by Coverity Scan. (markt)
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch main updated: Fix logic bug spotted by Coverity Scan
пн, 15 янв. 2024 г. в 13:16, :
>
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch main
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/main by this push:
> new bee714eb1d Fix logic bug spotted by Coverity Scan
> bee714eb1d is described below
>
> commit bee714eb1dabfcc07bf410e1145f6c580f14539d
> Author: Mark Thomas
> AuthorDate: Mon Jan 15 10:11:59 2024 +
>
> Fix logic bug spotted by Coverity Scan
> ---
> .../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 2 +-
> webapps/docs/changelog.xml | 5
> +
> 2 files changed, 6 insertions(+), 1 deletion(-)
>
> diff --git
> a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
> b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
> index 89617c9cfb..bd06630f01 100644
> --- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
> +++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
> @@ -116,7 +116,7 @@ public class ServiceBindingPropertySource implements
> IntrospectionUtils.Property
> int length = bytes.length;
>
> if (chomp) {
> -if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
> 2] == '\n') {
> +if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
> 1] == '\n') {
> length -= 2;
> } else if (length > 0) {
> byte c = bytes[length - 1];
> diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
> index 6e9ffb917c..aa7fce0034 100644
> --- a/webapps/docs/changelog.xml
> +++ b/webapps/docs/changelog.xml
> @@ -120,6 +120,11 @@
> that is no longer included in the JAR. Based on pull request
> 684 by Jendrik Johannes. (markt)
>
> +
> +Fix ServiceBindingPropertySource so that trailing \r\n
> +sequences are correctly removed from files containing property values
> +when configured to do so. Bug identified by Coverity Scan. (markt)
> +
>
>
>
Reviewing the code of ServiceBindingPropertySource,
1. It removes only the last end-of-line sequence (one or two characters).
It could be rewritten with a loop to remove any \n \r characters that
are found at the end.
2. The code later uses "return new String(bytes, 0, length);"
to create a String, without specifying any encoding.
I guess that the Platform default encoding nowadays is UTF-8.
Or maybe it makes sense to use the default encoding, as people edit
those files, using whatever default encoding they prefer.
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch main updated: Fix logic bug spotted by Coverity Scan
Konstantin,
On 1/15/24 09:30, Konstantin Kolinko wrote:
пн, 15 янв. 2024 г. в 13:16, :
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new bee714eb1d Fix logic bug spotted by Coverity Scan
bee714eb1d is described below
commit bee714eb1dabfcc07bf410e1145f6c580f14539d
Author: Mark Thomas
AuthorDate: Mon Jan 15 10:11:59 2024 +
Fix logic bug spotted by Coverity Scan
---
.../apache/tomcat/util/digester/ServiceBindingPropertySource.java| 2 +-
webapps/docs/changelog.xml | 5 +
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git
a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
index 89617c9cfb..bd06630f01 100644
--- a/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
+++ b/java/org/apache/tomcat/util/digester/ServiceBindingPropertySource.java
@@ -116,7 +116,7 @@ public class ServiceBindingPropertySource implements
IntrospectionUtils.Property
int length = bytes.length;
if (chomp) {
-if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
2] == '\n') {
+if(length > 1 && bytes[length - 2] == '\r' && bytes[length -
1] == '\n') {
length -= 2;
} else if (length > 0) {
byte c = bytes[length - 1];
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6e9ffb917c..aa7fce0034 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -120,6 +120,11 @@
that is no longer included in the JAR. Based on pull request
684 by Jendrik Johannes. (markt)
+
+Fix ServiceBindingPropertySource so that trailing \r\n
+sequences are correctly removed from files containing property values
+when configured to do so. Bug identified by Coverity Scan. (markt)
+
Reviewing the code of ServiceBindingPropertySource,
1. It removes only the last end-of-line sequence (one or two characters).
It could be rewritten with a loop to remove any \n \r characters that
are found at the end.
This was intentional (only trim the final newline) but could be updated
if the team thinks it makes sense to do so.
Maybe text-editing programs append a trailing newline at the end of text
files unless you take special steps to prevent it from happening. It's
usually easy to limit the trailing newlines to a single one.
2. The code later uses "return new String(bytes, 0, length);"
to create a String, without specifying any encoding.
This was intentional as well, as the file is originally read without
specifying the encoding. Allowing an admin to specify the encoding would
have expanded the configuration for ServiceBrindingPropertySource and my
intent at the time was to make the fewest number of changes possible.
I guess that the Platform default encoding nowadays is UTF-8.
Or maybe it makes sense to use the default encoding, as people edit
those files, using whatever default encoding they prefer.
+1
A PropertySource is specified using a system property. Specifying the
encoding for a file-based PropertySource would mean having another
system property or a more complicated configuration scheme for
PropertySource.
I'm happy to entertain ideas for improvement.
-chris
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix rare potential NPE identified by Coverity Scan.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new c14bc02 Fix rare potential NPE identified by Coverity Scan.
c14bc02 is described below
commit c14bc021f8337873f850db4cd05a0451d484a8ed
Author: Mark Thomas
AuthorDate: Fri May 17 18:05:46 2019 +0100
Fix rare potential NPE identified by Coverity Scan.
---
java/org/apache/catalina/connector/CoyoteAdapter.java | 6 --
webapps/docs/changelog.xml| 4
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java
b/java/org/apache/catalina/connector/CoyoteAdapter.java
index 50f68ec..a2a59bb 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -817,7 +817,7 @@ public class CoyoteAdapter implements Adapter {
if (wrapper != null) {
String[] methods = wrapper.getServletMethods();
if (methods != null) {
-for (int i=0; i
+
+Avoid potential NullPointerException when generating an
+HTTP Allow header. Identified by Coverity Scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Fix rare potential NPE identified by Coverity Scan.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new c043c29 Fix rare potential NPE identified by Coverity Scan.
c043c29 is described below
commit c043c290bd5378216820ccfa25cc795d27d86140
Author: Mark Thomas
AuthorDate: Fri May 17 18:05:46 2019 +0100
Fix rare potential NPE identified by Coverity Scan.
---
java/org/apache/catalina/connector/CoyoteAdapter.java | 6 --
webapps/docs/changelog.xml| 4
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java
b/java/org/apache/catalina/connector/CoyoteAdapter.java
index dd0425a..9b3aa26 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -886,7 +886,7 @@ public class CoyoteAdapter implements Adapter {
if (wrapper != null) {
String[] methods = wrapper.getServletMethods();
if (methods != null) {
-for (int i=0; i
+
+Avoid potential NullPointerException when generating an
+HTTP Allow header. Identified by Coverity Scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Refactor to avoid unnecessary null checks. Identified by Coverity Scan.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f488fb08f8204126da79fd9d333c04d1ad936567
Author: Mark Thomas
AuthorDate: Sat May 18 15:43:52 2019 +0100
Refactor to avoid unnecessary null checks. Identified by Coverity Scan.
---
java/org/apache/catalina/connector/Request.java| 18 ++
java/org/apache/catalina/session/StandardSession.java | 10 +-
.../catalina/storeconfig/ConnectorStoreAppender.java | 2 +-
.../org/apache/catalina/storeconfig/StoreAppender.java | 2 +-
4 files changed, 13 insertions(+), 19 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java
b/java/org/apache/catalina/connector/Request.java
index dbcd799..ec38789 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2992,11 +2992,9 @@ public class Request implements HttpServletRequest {
if (!create) {
return null;
}
-if (response != null
-&& context.getServletContext()
-.getEffectiveSessionTrackingModes()
-.contains(SessionTrackingMode.COOKIE)
-&& response.getResponse().isCommitted()) {
+boolean trackModesIncludesCookie =
+
context.getServletContext().getEffectiveSessionTrackingModes().contains(SessionTrackingMode.COOKIE);
+if (trackModesIncludesCookie && response.getResponse().isCommitted()) {
throw new IllegalStateException(
sm.getString("coyoteRequest.sessionCreateCommitted"));
}
@@ -3045,13 +3043,9 @@ public class Request implements HttpServletRequest {
session = manager.createSession(sessionId);
// Creating a new session cookie based on that session
-if (session != null
-&& context.getServletContext()
-.getEffectiveSessionTrackingModes()
-.contains(SessionTrackingMode.COOKIE)) {
-Cookie cookie =
-ApplicationSessionCookieConfig.createSessionCookie(
-context, session.getIdInternal(), isSecure());
+if (session != null && trackModesIncludesCookie) {
+Cookie cookie = ApplicationSessionCookieConfig.createSessionCookie(
+context, session.getIdInternal(), isSecure());
response.addSessionCookieInternal(cookie);
}
diff --git a/java/org/apache/catalina/session/StandardSession.java
b/java/org/apache/catalina/session/StandardSession.java
index 685c5a1..7753212 100644
--- a/java/org/apache/catalina/session/StandardSession.java
+++ b/java/org/apache/catalina/session/StandardSession.java
@@ -1413,10 +1413,11 @@ public class StandardSession implements HttpSession,
Session, Serializable {
throw new IllegalStateException(
sm.getString("standardSession.setAttribute.ise",
getIdInternal()));
}
-if ((manager != null) && manager.getContext().getDistributable() &&
-!isAttributeDistributable(name, value) && !exclude(name,
value)) {
-throw new IllegalArgumentException(
-sm.getString("standardSession.setAttribute.iae", name));
+
+Context context = manager.getContext();
+
+if (context.getDistributable() && !isAttributeDistributable(name,
value) && !exclude(name, value)) {
+throw new
IllegalArgumentException(sm.getString("standardSession.setAttribute.iae",
name));
}
// Construct an event with the new value
HttpSessionBindingEvent event = null;
@@ -1461,7 +1462,6 @@ public class StandardSession implements HttpSession,
Session, Serializable {
}
// Notify interested application event listeners
-Context context = manager.getContext();
Object listeners[] = context.getApplicationEventListeners();
if (listeners == null) {
return;
diff --git a/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java
b/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java
index af0374c..cfb5d32 100644
--- a/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java
+++ b/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java
@@ -66,7 +66,7 @@ public class ConnectorStoreAppender extends StoreAppender {
throws Exception {
// Render a className attribute if requested
-if (include && desc != null && !desc.isStandard()) {
+if (include && !desc.isStandard()) {
writer.print(" className=\"");
writer.print(bean.getClass().getName());
writer.print("\"&qu
[tomcat] branch main updated: Use LongAdder for processing time - prompted by Coverity scan report
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 0bb2b572b4 Use LongAdder for processing time - prompted by Coverity
scan report
0bb2b572b4 is described below
commit 0bb2b572b42a5d2740473e04d16d6c36aa92f0c8
Author: Mark Thomas
AuthorDate: Mon Aug 14 17:48:39 2023 +0100
Use LongAdder for processing time - prompted by Coverity scan report
---
java/org/apache/catalina/core/StandardWrapperValve.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/core/StandardWrapperValve.java
b/java/org/apache/catalina/core/StandardWrapperValve.java
index 5426004930..70226ce3a9 100644
--- a/java/org/apache/catalina/core/StandardWrapperValve.java
+++ b/java/org/apache/catalina/core/StandardWrapperValve.java
@@ -63,7 +63,7 @@ final class StandardWrapperValve extends ValveBase {
// Some JMX statistics. This valve is associated with a StandardWrapper.
// We expose the StandardWrapper as JMX ( j2eeType=Servlet ). The fields
// are here for performance.
-private volatile long processingTime;
+private final LongAdder processingTime = new LongAdder();
private volatile long maxTime;
private volatile long minTime = Long.MAX_VALUE;
private final LongAdder requestCount = new LongAdder();
@@ -237,7 +237,7 @@ final class StandardWrapperValve extends ValveBase {
long t2 = System.currentTimeMillis();
long time = t2 - t1;
-processingTime += time;
+processingTime.add(time);
if (time > maxTime) {
maxTime = time;
}
@@ -277,7 +277,7 @@ final class StandardWrapperValve extends ValveBase {
}
public long getProcessingTime() {
-return processingTime;
+return processingTime.sum();
}
public long getMaxTime() {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Use LongAdder for processing time - prompted by Coverity scan report
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new d600476f16 Use LongAdder for processing time - prompted by Coverity
scan report
d600476f16 is described below
commit d600476f16527d36c5e31847572b82e87b88e187
Author: Mark Thomas
AuthorDate: Mon Aug 14 17:48:39 2023 +0100
Use LongAdder for processing time - prompted by Coverity scan report
---
java/org/apache/catalina/core/StandardWrapperValve.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/core/StandardWrapperValve.java
b/java/org/apache/catalina/core/StandardWrapperValve.java
index 35a2acba84..70b1cb86e7 100644
--- a/java/org/apache/catalina/core/StandardWrapperValve.java
+++ b/java/org/apache/catalina/core/StandardWrapperValve.java
@@ -63,7 +63,7 @@ final class StandardWrapperValve extends ValveBase {
// Some JMX statistics. This valve is associated with a StandardWrapper.
// We expose the StandardWrapper as JMX ( j2eeType=Servlet ). The fields
// are here for performance.
-private volatile long processingTime;
+private final LongAdder processingTime = new LongAdder();
private volatile long maxTime;
private volatile long minTime = Long.MAX_VALUE;
private final AtomicInteger requestCount = new AtomicInteger(0);
@@ -237,7 +237,7 @@ final class StandardWrapperValve extends ValveBase {
long t2 = System.currentTimeMillis();
long time = t2 - t1;
-processingTime += time;
+processingTime.add(time);
if (time > maxTime) {
maxTime = time;
}
@@ -278,7 +278,7 @@ final class StandardWrapperValve extends ValveBase {
}
public long getProcessingTime() {
-return processingTime;
+return processingTime.sum();
}
public long getMaxTime() {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Use LongAdder for processing time - prompted by Coverity scan report
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 7257f98007 Use LongAdder for processing time - prompted by Coverity
scan report
7257f98007 is described below
commit 7257f98007f7750daab26706146cc1a4ba8984f0
Author: Mark Thomas
AuthorDate: Mon Aug 14 17:48:39 2023 +0100
Use LongAdder for processing time - prompted by Coverity scan report
---
java/org/apache/catalina/core/StandardWrapperValve.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/core/StandardWrapperValve.java
b/java/org/apache/catalina/core/StandardWrapperValve.java
index 80da74e13a..fadf923731 100644
--- a/java/org/apache/catalina/core/StandardWrapperValve.java
+++ b/java/org/apache/catalina/core/StandardWrapperValve.java
@@ -63,7 +63,7 @@ final class StandardWrapperValve extends ValveBase {
// Some JMX statistics. This valve is associated with a StandardWrapper.
// We expose the StandardWrapper as JMX ( j2eeType=Servlet ). The fields
// are here for performance.
-private volatile long processingTime;
+private final LongAdder processingTime = new LongAdder();
private volatile long maxTime;
private volatile long minTime = Long.MAX_VALUE;
private final AtomicInteger requestCount = new AtomicInteger(0);
@@ -238,7 +238,7 @@ final class StandardWrapperValve extends ValveBase {
long t2 = System.currentTimeMillis();
long time = t2 - t1;
-processingTime += time;
+processingTime.add(time);
if (time > maxTime) {
maxTime = time;
}
@@ -279,7 +279,7 @@ final class StandardWrapperValve extends ValveBase {
}
public long getProcessingTime() {
-return processingTime;
+return processingTime.sum();
}
public long getMaxTime() {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Use LongAdder for processing time - prompted by Coverity scan report
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new d3c79e735a Use LongAdder for processing time - prompted by Coverity
scan report
d3c79e735a is described below
commit d3c79e735a193e561d6b376ee9a69978fca35dda
Author: Mark Thomas
AuthorDate: Mon Aug 14 17:48:39 2023 +0100
Use LongAdder for processing time - prompted by Coverity scan report
---
java/org/apache/catalina/core/StandardWrapperValve.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/core/StandardWrapperValve.java
b/java/org/apache/catalina/core/StandardWrapperValve.java
index 4ed7d22e1a..c48a01460c 100644
--- a/java/org/apache/catalina/core/StandardWrapperValve.java
+++ b/java/org/apache/catalina/core/StandardWrapperValve.java
@@ -63,7 +63,7 @@ final class StandardWrapperValve extends ValveBase {
// Some JMX statistics. This valve is associated with a StandardWrapper.
// We expose the StandardWrapper as JMX ( j2eeType=Servlet ). The fields
// are here for performance.
-private volatile long processingTime;
+private final LongAdder processingTime = new LongAdder();
private volatile long maxTime;
private volatile long minTime = Long.MAX_VALUE;
private final AtomicInteger requestCount = new AtomicInteger(0);
@@ -238,7 +238,7 @@ final class StandardWrapperValve extends ValveBase {
long t2 = System.currentTimeMillis();
long time = t2 - t1;
-processingTime += time;
+processingTime.add(time);
if (time > maxTime) {
maxTime = time;
}
@@ -278,7 +278,7 @@ final class StandardWrapperValve extends ValveBase {
}
public long getProcessingTime() {
-return processingTime;
+return processingTime.sum();
}
public long getMaxTime() {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
