[GitHub] [commons-scxml] dependabot[bot] closed pull request #66: Bump junit-jupiter-api from 5.8.2 to 5.9.0
dependabot[bot] closed pull request #66: Bump junit-jupiter-api from 5.8.2 to 5.9.0 URL: https://github.com/apache/commons-scxml/pull/66 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [commons-scxml] dependabot[bot] commented on pull request #66: Bump junit-jupiter-api from 5.8.2 to 5.9.0
dependabot[bot] commented on PR #66: URL: https://github.com/apache/commons-scxml/pull/66#issuecomment-1253033538 Superseded by #70.
[GitHub] [commons-scxml] dependabot[bot] opened a new pull request, #70: Bump junit-jupiter-api from 5.8.2 to 5.9.1
dependabot[bot] opened a new pull request, #70: URL: https://github.com/apache/commons-scxml/pull/70

Bumps [junit-jupiter-api](https://github.com/junit-team/junit5) from 5.8.2 to 5.9.1.

Release notes

Sourced from [junit-jupiter-api's releases](https://github.com/junit-team/junit5/releases).

- JUnit 5.9.1 = Platform 1.9.1 + Jupiter 5.9.1 + Vintage 5.9.1. See [Release Notes](http://junit.org/junit5/docs/5.9.1/release-notes/).
- JUnit 5.9.0 = Platform 1.9.0 + Jupiter 5.9.0 + Vintage 5.9.0. See [Release Notes](http://junit.org/junit5/docs/5.9.0/release-notes/).
- JUnit 5.9.0-RC1 = Platform 1.9.0-RC1 + Jupiter 5.9.0-RC1 + Vintage 5.9.0-RC1. See [Release Notes](http://junit.org/junit5/docs/5.9.0-RC1/release-notes/).
- JUnit 5.9.0-M1 = Platform 1.9.0-M1 + Jupiter 5.9.0-M1 + Vintage 5.9.0-M1. See [Release Notes](http://junit.org/junit5/docs/5.9.0-M1/release-notes/).

Commits

- [732a540](https://github.com/junit-team/junit5/commit/732a5400f80c8f446daa8b43eaa4b41b3da929be) Release 5.9.1
- [88bf48d](https://github.com/junit-team/junit5/commit/88bf48d54534b90f74b64b7060f3d09205c9ff9a) Prepare release notes for 5.9.1
- [d75e34d](https://github.com/junit-team/junit5/commit/d75e34d20f3b9c297b6c38a679888a676f0b92a3) Update scope for 5.9.1
- [9823f73](https://github.com/junit-team/junit5/commit/9823f7329a97b4ca6d0922b1c62b6526d615f761) Link to all 5.9 milestone pages
- [76719bb](https://github.com/junit-team/junit5/commit/76719bb085c1e395824af8d941ed40b9ac359d1d) Increase timeout for GraalVM test
- [2a80984](https://github.com/junit-team/junit5/commit/2a809848e56c7d26b3dbd964a1d99e37ca61acc6) Install GraalVM for main CI build on Linux
- [79f47f5](https://github.com/junit-team/junit5/commit/79f47f51aa8880c78ceeb04e8c837b28d73a2b94) Refactor OpenTestReportGeneratingListener to work in native images
- [7229385](https://github.com/junit-team/junit5/commit/7229385d5edc7f2b78363f8bd0026a86c53bc44e) Add failing integration test for execution on GraalVM native image
- [343170f](https://github.com/junit-team/junit5/commit/343170f314221ac8d91fea52617234058abfc39a) Fix running tests in documentation from IntelliJ IDEA
- [352d06b](https://github.com/junit-team/junit5/commit/352d06b3b27d5f1921dda1876c2dedb6f4f6b70f) Attempt to stabilize test on Windows
- Additional commits viewable in [compare view](https://github.com/junit-team/junit5/compare/r5.8.2...r5.9.1)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
[GitHub] [commons-scxml] dependabot[bot] closed pull request #56: Bump jaxb-impl from 2.3.6 to 4.0.0
dependabot[bot] closed pull request #56: Bump jaxb-impl from 2.3.6 to 4.0.0 URL: https://github.com/apache/commons-scxml/pull/56
[GitHub] [commons-scxml] dependabot[bot] commented on pull request #56: Bump jaxb-impl from 2.3.6 to 4.0.0
dependabot[bot] commented on PR #56: URL: https://github.com/apache/commons-scxml/pull/56#issuecomment-1253033501 Superseded by #69.
[GitHub] [commons-scxml] dependabot[bot] closed pull request #65: Bump junit-jupiter-engine from 5.8.2 to 5.9.0
dependabot[bot] closed pull request #65: Bump junit-jupiter-engine from 5.8.2 to 5.9.0 URL: https://github.com/apache/commons-scxml/pull/65
[GitHub] [commons-scxml] dependabot[bot] opened a new pull request, #69: Bump jaxb-impl from 2.3.6 to 4.0.1
dependabot[bot] opened a new pull request, #69: URL: https://github.com/apache/commons-scxml/pull/69 Bumps jaxb-impl from 2.3.6 to 4.0.1.
[GitHub] [commons-scxml] dependabot[bot] commented on pull request #65: Bump junit-jupiter-engine from 5.8.2 to 5.9.0
dependabot[bot] commented on PR #65: URL: https://github.com/apache/commons-scxml/pull/65#issuecomment-1253033456 Superseded by #68.
[GitHub] [commons-scxml] dependabot[bot] opened a new pull request, #68: Bump junit-jupiter-engine from 5.8.2 to 5.9.1
dependabot[bot] opened a new pull request, #68: URL: https://github.com/apache/commons-scxml/pull/68

Bumps [junit-jupiter-engine](https://github.com/junit-team/junit5) from 5.8.2 to 5.9.1.

Release notes

Sourced from [junit-jupiter-engine's releases](https://github.com/junit-team/junit5/releases).

- JUnit 5.9.1 = Platform 1.9.1 + Jupiter 5.9.1 + Vintage 5.9.1. See [Release Notes](http://junit.org/junit5/docs/5.9.1/release-notes/).
- JUnit 5.9.0 = Platform 1.9.0 + Jupiter 5.9.0 + Vintage 5.9.0. See [Release Notes](http://junit.org/junit5/docs/5.9.0/release-notes/).
- JUnit 5.9.0-RC1 = Platform 1.9.0-RC1 + Jupiter 5.9.0-RC1 + Vintage 5.9.0-RC1. See [Release Notes](http://junit.org/junit5/docs/5.9.0-RC1/release-notes/).
- JUnit 5.9.0-M1 = Platform 1.9.0-M1 + Jupiter 5.9.0-M1 + Vintage 5.9.0-M1. See [Release Notes](http://junit.org/junit5/docs/5.9.0-M1/release-notes/).

Commits

- [732a540](https://github.com/junit-team/junit5/commit/732a5400f80c8f446daa8b43eaa4b41b3da929be) Release 5.9.1
- [88bf48d](https://github.com/junit-team/junit5/commit/88bf48d54534b90f74b64b7060f3d09205c9ff9a) Prepare release notes for 5.9.1
- [d75e34d](https://github.com/junit-team/junit5/commit/d75e34d20f3b9c297b6c38a679888a676f0b92a3) Update scope for 5.9.1
- [9823f73](https://github.com/junit-team/junit5/commit/9823f7329a97b4ca6d0922b1c62b6526d615f761) Link to all 5.9 milestone pages
- [76719bb](https://github.com/junit-team/junit5/commit/76719bb085c1e395824af8d941ed40b9ac359d1d) Increase timeout for GraalVM test
- [2a80984](https://github.com/junit-team/junit5/commit/2a809848e56c7d26b3dbd964a1d99e37ca61acc6) Install GraalVM for main CI build on Linux
- [79f47f5](https://github.com/junit-team/junit5/commit/79f47f51aa8880c78ceeb04e8c837b28d73a2b94) Refactor OpenTestReportGeneratingListener to work in native images
- [7229385](https://github.com/junit-team/junit5/commit/7229385d5edc7f2b78363f8bd0026a86c53bc44e) Add failing integration test for execution on GraalVM native image
- [343170f](https://github.com/junit-team/junit5/commit/343170f314221ac8d91fea52617234058abfc39a) Fix running tests in documentation from IntelliJ IDEA
- [352d06b](https://github.com/junit-team/junit5/commit/352d06b3b27d5f1921dda1876c2dedb6f4f6b70f) Attempt to stabilize test on Windows
- Additional commits viewable in [compare view](https://github.com/junit-team/junit5/compare/r5.8.2...r5.9.1)
[GitHub] [commons-vfs] garydgregory commented on pull request #300: VFS-824 HttpFileSystem free Unused Resources lead to HttpClient Conn…
garydgregory commented on PR #300: URL: https://github.com/apache/commons-vfs/pull/300#issuecomment-1253012294

You must have not run a local build with the default Maven goal (`mvn`):

```
[ERROR] src/main/java/org/apache/commons/vfs2/provider/AbstractFileProvider.java:[19,17] (imports) AvoidStarImport: Using the '.*' form of import should be avoided - java.util.*.
```
[GitHub] [commons-email] dependabot[bot] closed pull request #91: Bump slf4j-jdk14 from 1.7.7 to 2.0.1
dependabot[bot] closed pull request #91: Bump slf4j-jdk14 from 1.7.7 to 2.0.1 URL: https://github.com/apache/commons-email/pull/91
[GitHub] [commons-email] dependabot[bot] commented on pull request #91: Bump slf4j-jdk14 from 1.7.7 to 2.0.1
dependabot[bot] commented on PR #91: URL: https://github.com/apache/commons-email/pull/91#issuecomment-1252851145 Superseded by #92.
[GitHub] [commons-email] dependabot[bot] opened a new pull request, #92: Bump slf4j-jdk14 from 1.7.7 to 2.0.2
dependabot[bot] opened a new pull request, #92: URL: https://github.com/apache/commons-email/pull/92

Bumps [slf4j-jdk14](https://github.com/qos-ch/slf4j) from 1.7.7 to 2.0.2.

Commits

- See full diff in [compare view](https://github.com/qos-ch/slf4j/commits)
[jira] [Commented] (BCEL-364) Integrating bcel into oss-fuzz
[ https://issues.apache.org/jira/browse/BCEL-364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17607354#comment-17607354 ]

Gary D. Gregory commented on BCEL-364:

I agree. We don't need machine generated content dumped on our heads without qualification.

> Integrating bcel into oss-fuzz
>
> Key: BCEL-364
> URL: https://issues.apache.org/jira/browse/BCEL-364
> Project: Commons BCEL
> Issue Type: Improvement
> Reporter: A. Schaich
> Priority: Minor

-- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (TEXT-218) Add method writeTo(Writer):void to TextStringBuilder
[ https://issues.apache.org/jira/browse/TEXT-218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary D. Gregory closed TEXT-218.

Resolution: Information Provided

> Add method writeTo(Writer):void to TextStringBuilder
>
> Key: TEXT-218
> URL: https://issues.apache.org/jira/browse/TEXT-218
> Project: Commons Text
> Issue Type: New Feature
> Affects Versions: 1.9
> Reporter: Tom Strijmeers
> Priority: Major
>
> It would be nice if the {{org.apache.commons.text.TextStringBuilder}} had methods to write its internal char buffer to a Writer. The opposite of the current {{readFrom(java.io.Reader):int}} and {{readFrom(java.io.Reader, int):int}} methods.
>
> The javadoc of {{org.apache.commons.text.TextStringBuilder}} states that "subclasses have direct access to character array". But that is only partially true in my opinion. The internal char array is private protected and the {{getBuffer():char[]}} method is package protected.
>
> Meaning that I could create a subclass but it has to be in the {{org.apache.commons.text}} package. And that's something I don't like doing.
>
> So giving the TextStringBuilder the ability to write out its internal buffer is a good alternative in my opinion.
>
> {code:java}
> /**
>  * Writes all chars from the internal buffer directly to the provided {@link java.io.Writer} without making extra copies.
>  *
>  * @param writer Writer to write
>  * @throws IOException if an I/O error occurs.
>  */
> public void writeTo(Writer writer) throws IOException {
>     if (length() == 0) {
>         return;
>     }
>     writer.write(getBuffer(), 0, length());
> }
>
> /**
>  * Writes a portion of the chars from the internal buffer directly to the provided {@link java.io.Writer} without making extra copies.
>  *
>  * @param writer Writer to write
>  * @param offset Offset from which to start writing characters from the internal buffer
>  * @param length Number of characters to write
>  * @throws IOException if an I/O error occurs.
>  * @throws StringIndexOutOfBoundsException if any of the following is true:
>  *   {@code offset} is negative
>  *   {@code offset} is greater than {@code this.length()}
>  *   {@code length} is negative
>  *   {@code length} is greater than {@code this.length()}
>  *   {@code offset} and {@code length} combined is greater than {@code this.length()}
>  */
> public void writeTo(Writer writer, int offset, int length) throws IOException {
>     if (offset < 0 || offset > length()) {
>         throw new StringIndexOutOfBoundsException(offset);
>     }
>     if (length < 0 || length > length()) {
>         throw new StringIndexOutOfBoundsException(length);
>     }
>     // Compare by subtraction so that offset + length cannot overflow int.
>     if (length > length() - offset) {
>         throw new StringIndexOutOfBoundsException(length);
>     }
>     if (length == 0) {
>         return;
>     }
>     writer.write(getBuffer(), offset, length);
> }
> {code}
[jira] [Commented] (BCEL-364) Integrating bcel into oss-fuzz
[ https://issues.apache.org/jira/browse/BCEL-364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17607264#comment-17607264 ]

Mark Thomas commented on BCEL-364:

The "no false positives" claim does not stand up to scrutiny. The false positive rate for the Tomcat integration provided by Code Intelligence is currently running at between 80% and 90%. While a few bugs have been found, none of them have had any security implications.

Based on the experience with Tomcat, and given that BCEL is neither designed nor intended to handle untrusted input, I'd question whether it is an effective use of the limited volunteer effort in the BCEL community to engage with this initiative without some changes.

I strongly recommend that we make it a condition of engaging with this initiative that all reported issues are first manually vetted by Code Intelligence for validity BEFORE being passed to the BCEL project for resolution.

> Integrating bcel into oss-fuzz
>
> Key: BCEL-364
> URL: https://issues.apache.org/jira/browse/BCEL-364
> Project: Commons BCEL
> Issue Type: Improvement
> Reporter: A. Schaich
> Priority: Minor
[jira] [Created] (BCEL-364) Integrating bcel into oss-fuzz
A. Schaich created BCEL-364:

Summary: Integrating bcel into oss-fuzz
Key: BCEL-364
URL: https://issues.apache.org/jira/browse/BCEL-364
Project: Commons BCEL
Issue Type: Improvement
Reporter: A. Schaich

Hi all,

we have prepared the [Initial integration|https://github.com/CodeIntelligenceTesting/oss-fuzz/commit/8e98d61d59164683ff72203b5aa6768cb3d68acb] of bcel into [Google OSS-Fuzz|https://github.com/google/oss-fuzz] which will provide more security for your project.

*Why do you need Fuzzing?*

The Code Intelligence JVM fuzzer [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer] has already found [hundreds of bugs|https://github.com/CodeIntelligenceTesting/jazzer#findings] in open source projects including for example [OpenJDK|https://nvd.nist.gov/vuln/detail/CVE-2022-21360], [Protobuf|https://nvd.nist.gov/vuln/detail/CVE-2021-22569] or [jsoup|https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c]. Fuzzing proved to be very effective having no false positives. It provides a crashing input which helps you to reproduce and debug any finding easily. The integration of your project into the OSS-Fuzz platform will enable continuous fuzzing of your project by [Jazzer|https://github.com/CodeIntelligenceTesting/jazzer].

*What do you need to do?*

The integration requires the maintainer or one established project committer to deal with the bug reports.

You need to create or provide one email address that is associated with a google account as per [here|https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/]. When a bug is found, you will receive an email that will provide you with access to ClusterFuzz, crash reports, code coverage reports and fuzzer statistics. More than 1 person can be included.

*How Code Intelligence can support?*

We will continue to add more fuzz targets to improve code coverage over time. Furthermore, we are permanently enhancing fuzzing technologies by developing new fuzzers and more bug detectors.

Please let me know if you have any questions regarding fuzzing or the OSS-Fuzz integration.
[jira] [Commented] (TEXT-218) Add method writeTo(Writer):void to TextStringBuilder
[ https://issues.apache.org/jira/browse/TEXT-218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17607250#comment-17607250 ]

Tom Strijmeers commented on TEXT-218:

Hello [~ggregory], you are absolutely right! I can't believe I looked over the {{appendTo(Appendable)}} method.

Tom

> Add method writeTo(Writer):void to TextStringBuilder
>
> Key: TEXT-218
> URL: https://issues.apache.org/jira/browse/TEXT-218
> Project: Commons Text
> Issue Type: New Feature
> Affects Versions: 1.9
> Reporter: Tom Strijmeers
> Priority: Major
[GitHub] [commons-bcel] rjatkins commented on pull request #147: BCEL-363 Enforce MAX_CP_ENTRIES in ConstantPoolGen and ConstantPool.dump
rjatkins commented on PR #147: URL: https://github.com/apache/commons-bcel/pull/147#issuecomment-1252348768 I've added the requested test coverage. Let me know if you need further changes
[GitHub] [commons-bcel] rjatkins commented on a diff in pull request #147: BCEL-363 Enforce MAX_CP_ENTRIES in ConstantPoolGen and ConstantPool.dump
rjatkins commented on code in PR #147: URL: https://github.com/apache/commons-bcel/pull/147#discussion_r975354533 ## src/main/java/org/apache/bcel/generic/ConstantPoolGen.java: ## @@ -561,9 +561,18 @@ public int addUtf8(final String n) { * Resize internal array of constants. */ protected void adjustSize() { +// 3 extra spaces are needed as some entries may take 3 slots +if (index + 3 >= Const.MAX_CP_ENTRIES + 1) { +throw new RuntimeException("The number of constants " + (index + 3) Review Comment: Since we don't have any arguments to check here, I've opted to throw IllegalStateException. This exception seems appropriate, since we would otherwise violate the invariant that the ConstantPoolGen.constants is a valid constant pool. ## src/main/java/org/apache/bcel/classfile/ConstantPool.java: ## @@ -230,8 +230,15 @@ public ConstantPool copy() { * @throws IOException if problem in writeShort or dump */ public void dump(final DataOutputStream file) throws IOException { -file.writeShort(constantPool.length); -for (int i = 1; i < constantPool.length; i++) { +/* + * Constants over the size of the constant pool shall not be written out. + * This is a redundant measure as the ConstantPoolGen should have already + * reported an error back in the situation. +*/ +int size = Math.min(constantPool.length, Const.MAX_CP_ENTRIES); Review Comment: Done
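Review bot: In the `ConstantPool.dump` hunk, `Math.min(constantPool.length, Const.MAX_CP_ENTRIES)` silently drops every constant past the limit, so an oversized pool is written as a file with a valid-looking count while anything that still refers to a dropped index now points at nothing. The comment calls this a redundant measure; reaching it means the `ConstantPoolGen` check was bypassed, so throwing from `dump` would surface the problem instead of hiding it. If the clamp stays, the javadoc of `dump` should say that the written pool can be truncated.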
[jira] [Work logged] (LANG-1692) Cast FieldUtils.readField result to the recipient type
[ https://issues.apache.org/jira/browse/LANG-1692?focusedWorklogId=810372=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-810372 ] ASF GitHub Bot logged work on LANG-1692: Author: ASF GitHub Bot Created on: 20/Sep/22 12:34 Start Date: 20/Sep/22 12:34 Worklog Time Spent: 10m Work Description: tisonkun commented on PR #951: URL: https://github.com/apache/commons-lang/pull/951#issuecomment-1252289567 @garydgregory Thanks for your comments. Will push a followup later this week. Issue Time Tracking --- Worklog Id: (was: 810372) Time Spent: 1h 40m (was: 1.5h) > Cast FieldUtils.readField result to the recipient type > -- > > Key: LANG-1692 > URL: https://issues.apache.org/jira/browse/LANG-1692 > Project: Commons Lang > Issue Type: Task > Components: lang.reflect.* >Reporter: Zili Chen >Priority: Major > Time Spent: 1h 40m > Remaining Estimate: 0h
[GitHub] [commons-lang] tisonkun commented on pull request #951: [LANG-1692] Cast FieldUtils.readField result to the recipient type
tisonkun commented on PR #951: URL: https://github.com/apache/commons-lang/pull/951#issuecomment-1252289567 @garydgregory Thanks for your comments. Will push a followup later this week.
[GitHub] [commons-bcel] garydgregory commented on pull request #147: BCEL-363 Enforce MAX_CP_ENTRIES in ConstantPoolGen and ConstantPool.dump
garydgregory commented on PR #147: URL: https://github.com/apache/commons-bcel/pull/147#issuecomment-1252285218 https://issues.apache.org/jira/browse/BCEL-363
[GitHub] [commons-bcel] garydgregory commented on pull request #145: Bump ossf/scorecard-action from 1.1.2 to 2.0.3
garydgregory commented on PR #145: URL: https://github.com/apache/commons-bcel/pull/145#issuecomment-1252283953 Closing, we are pinned to a specific version by Apache Infra.
[GitHub] [commons-bcel] garydgregory commented on a diff in pull request #99: Minor Changes:
garydgregory commented on code in PR #99: URL: https://github.com/apache/commons-bcel/pull/99#discussion_r810508673 ## src/main/java/org/apache/bcel/generic/Instruction.java: ## @@ -465,8 +465,7 @@ public static Instruction readInstruction( final ByteSequence bytes ) throws IOE } -if (wide -&& !(obj instanceof LocalVariableInstruction || obj instanceof IINC || obj instanceof RET)) { +if (wide && !(obj instanceof LocalVariableInstruction || obj instanceof RET)) { Review Comment: Hi @arturobernalg TY for your PR. Why is this one logic change an improvement?
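Review bot: Dropping `obj instanceof IINC` from the `wide` guard in `readInstruction` keeps the behaviour only if `IINC` is a subtype of `LocalVariableInstruction`, which this hunk does not show. The PR description should state that, and a test that reads a `wide`-prefixed `iinc` through `readInstruction` would keep the guard from rejecting it if the class hierarchy ever changes.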
[GitHub] [commons-bcel] dependabot[bot] commented on pull request #145: Bump ossf/scorecard-action from 1.1.2 to 2.0.3
dependabot[bot] commented on PR #145: URL: https://github.com/apache/commons-bcel/pull/145#issuecomment-1252283996 OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
[GitHub] [commons-bcel] garydgregory closed pull request #145: Bump ossf/scorecard-action from 1.1.2 to 2.0.3
garydgregory closed pull request #145: Bump ossf/scorecard-action from 1.1.2 to 2.0.3 URL: https://github.com/apache/commons-bcel/pull/145
[GitHub] [commons-bcel] garydgregory commented on a diff in pull request #147: BCEL-363 Enforce MAX_CP_ENTRIES in ConstantPoolGen and ConstantPool.dump
garydgregory commented on code in PR #147: URL: https://github.com/apache/commons-bcel/pull/147#discussion_r975296683 ## src/main/java/org/apache/bcel/classfile/ConstantPool.java: ## @@ -230,8 +230,15 @@ public ConstantPool copy() { * @throws IOException if problem in writeShort or dump */ public void dump(final DataOutputStream file) throws IOException { -file.writeShort(constantPool.length); -for (int i = 1; i < constantPool.length; i++) { +/* + * Constants over the size of the constant pool shall not be written out. + * This is a redundant measure as the ConstantPoolGen should have already + * reported an error back in the situation. +*/ +int size = Math.min(constantPool.length, Const.MAX_CP_ENTRIES); Review Comment: Use `final` where you can. ## src/main/java/org/apache/bcel/generic/ConstantPoolGen.java: ## @@ -561,9 +561,18 @@ public int addUtf8(final String n) { * Resize internal array of constants. */ protected void adjustSize() { +// 3 extra spaces are needed as some entries may take 3 slots +if (index + 3 >= Const.MAX_CP_ENTRIES + 1) { +throw new RuntimeException("The number of constants " + (index + 3) Review Comment: Throwing `RuntimeException` is an anti-pattern IMO, using `IllegalArgumentException` or `IllegalStateException` would be better.
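Review bot: In the `ConstantPoolGen.adjustSize` hunk, the condition `index + 3 >= Const.MAX_CP_ENTRIES + 1` is the same as `index + 3 > Const.MAX_CP_ENTRIES` and is easier to check against the limit in that form. The exception message reports `(index + 3)` as "the number of constants", which overstates the actual count by the safety margin; report `index` and the limit separately. The comment should also name which entries take 3 slots, since the guard rejects an addition that needs only one slot up to two slots before the limit.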
[jira] [Commented] (TEXT-218) Add method writeTo(Writer):void to TextStringBuilder
[ https://issues.apache.org/jira/browse/TEXT-218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17607154#comment-17607154 ]

Gary D. Gregory commented on TEXT-218:

Hello [~tstrijmeers]
-1: This duplicates the functionality of {{org.apache.commons.text.TextStringBuilder.appendTo(Appendable)}}
See {{org.apache.commons.text.TextStringBuilderTest.testAppendToWriter()}}
Or am I missing something?

> Add method writeTo(Writer):void to TextStringBuilder
>
> Key: TEXT-218
> URL: https://issues.apache.org/jira/browse/TEXT-218
> Project: Commons Text
> Issue Type: New Feature
> Affects Versions: 1.9
> Reporter: Tom Strijmeers
> Priority: Major
>
> It would be nice if the {{org.apache.commons.text.TextStringBuilder}} had methods to write its internal char buffer to a Writer. The opposite of the current {{readFrom(java.io.Reader):int}} and {{readFrom(java.io.Reader, int):int}} methods.
> The javadoc of {{org.apache.commons.text.TextStringBuilder}} states that "subclasses have direct access to character array". But that is only partially true in my opinion. The internal char array is private protected and the {{getBuffer():char[]}} method is package protected.
> Meaning that I could create a subclass but it has to be in the {{org.apache.commons.text}} package. And that's something I don't like doing.
> So giving the TextStringBuilder the ability to write out its internal buffer is a good alternative in my opinion.
> {code:java}
> /**
>  * Writes all chars from the internal buffer directly to the provided {@link java.io.Writer} without making extra copies.
>  *
>  * @param writer Writer to write
>  * @throws IOException if an I/O error occurs.
>  */
> public void writeTo(Writer writer) throws IOException {
>     if(length() == 0) {
>         return;
>     }
>     writer.write(getBuffer(), 0, length());
> }
>
> /**
>  * Writes a portion of the chars from the internal buffer directly to the provided {@link java.io.Writer} without making extra copies.
>  *
>  * @param writer Writer to write
>  * @param offset Offset from which to start writing characters from the internal buffer
>  * @param length Number of characters to write
>  * @throws IOException if an I/O error occurs.
>  * @throws StringIndexOutOfBoundsException if any of the following is true:
>  *
>  * {@code offset} is negative
>  * {@code offset} is greater than {@code this.length()}
>  * {@code length} is negative
>  * {@code length} is greater than {@code this.length()}
>  * {@code offset} and {@code length} combined is greater than {@code this.length()}
>  *
>  */
> public void writeTo(Writer writer, int offset, int length) throws IOException {
>     if(offset < 0 || offset > length()) {
>         throw new StringIndexOutOfBoundsException(offset);
>     }
>     if(length < 0 || length > length()) {
>         throw new StringIndexOutOfBoundsException(length);
>     }
>     if((offset + length) > length()) {
>         throw new StringIndexOutOfBoundsException(length);
>     }
>     if(length == 0) {
>         return;
>     }
>     writer.write(getBuffer(), offset, length);
> }
> {code}
[jira] [Work logged] (LANG-1692) Cast FieldUtils.readField result to the recipient type
[ https://issues.apache.org/jira/browse/LANG-1692?focusedWorklogId=810357=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-810357 ] ASF GitHub Bot logged work on LANG-1692: Author: ASF GitHub Bot Created on: 20/Sep/22 11:38 Start Date: 20/Sep/22 11:38 Worklog Time Spent: 10m Work Description: garydgregory commented on code in PR #951: URL: https://github.com/apache/commons-lang/pull/951#discussion_r975248075 ## src/main/java/org/apache/commons/lang3/reflect/FieldUtils.java: ## @@ -254,23 +254,23 @@ public static List getFieldsListWithAnnotation(final Class cls, final /** * Reads an accessible {@code static} {@link Field}. * - * @param field Review Comment: In general, please keep cosmetic and stylistic changes out of PRs, it makes PRs noisier, and takes longer to review. Issue Time Tracking --- Worklog Id: (was: 810357) Time Spent: 1.5h (was: 1h 20m) > Cast FieldUtils.readField result to the recipient type > -- > > Key: LANG-1692 > URL: https://issues.apache.org/jira/browse/LANG-1692 > Project: Commons Lang > Issue Type: Task > Components: lang.reflect.* >Reporter: Zili Chen >Priority: Major > Time Spent: 1.5h > Remaining Estimate: 0h
[GitHub] [commons-lang] garydgregory commented on a diff in pull request #951: [LANG-1692] Cast FieldUtils.readField result to the recipient type
garydgregory commented on code in PR #951: URL: https://github.com/apache/commons-lang/pull/951#discussion_r975248075 ## src/main/java/org/apache/commons/lang3/reflect/FieldUtils.java: ## @@ -254,23 +254,23 @@ public static List getFieldsListWithAnnotation(final Class cls, final /** * Reads an accessible {@code static} {@link Field}. * - * @param field Review Comment: In general, please keep cosmetic and stylistic changes out of PRs, it makes PRs noisier, and takes longer to review.
[GitHub] [commons-bcel] rjatkins opened a new pull request, #147: BCEL-363 Enforce MAX_CP_ENTRIES in ConstantPoolGen and ConstantPool.dump
rjatkins opened a new pull request, #147: URL: https://github.com/apache/commons-bcel/pull/147 Reapplies the fix in https://github.com/openjdk/jdk11u/commit/13bf52c8d876528a43be7cb77a1f452d29a21492 but using the Const constant for the constant pool size limit.
[jira] [Commented] (BCEL-363) ConstantPoolGen can generate constant pools that are too large
[ https://issues.apache.org/jira/browse/BCEL-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17607132#comment-17607132 ] Gary D. Gregory commented on BCEL-363: -- Hello [~richarda] Thank you for the report. We welcome PRs on GitHub :) > ConstantPoolGen can generate constant pools that are too large > -- > > Key: BCEL-363 > URL: https://issues.apache.org/jira/browse/BCEL-363 > Project: Commons BCEL > Issue Type: Bug > Components: Main >Reporter: Richard Atkins >Priority: Major > > ConstantPoolGen does not limit the number of constants it writes to the > Constant Pool, and can generate corrupted classfiles.
[jira] [Created] (TEXT-218) Add method writeTo(Writer):void to TextStringBuilder
Tom Strijmeers created TEXT-218:

Summary: Add method writeTo(Writer):void to TextStringBuilder
Key: TEXT-218
URL: https://issues.apache.org/jira/browse/TEXT-218
Project: Commons Text
Issue Type: New Feature
Affects Versions: 1.9
Reporter: Tom Strijmeers

It would be nice if the {{org.apache.commons.text.TextStringBuilder}} had methods to write its internal char buffer to a Writer. The opposite of the current {{readFrom(java.io.Reader):int}} and {{readFrom(java.io.Reader, int):int}} methods.
The javadoc of {{org.apache.commons.text.TextStringBuilder}} states that "subclasses have direct access to character array". But that is only partially true in my opinion. The internal char array is private protected and the {{getBuffer():char[]}} method is package protected.
Meaning that I could create a subclass but it has to be in the {{org.apache.commons.text}} package. And that's something I don't like doing.
So giving the TextStringBuilder the ability to write out its internal buffer is a good alternative in my opinion.
{code:java}
/**
 * Writes all chars from the internal buffer directly to the provided {@link java.io.Writer} without making extra copies.
 *
 * @param writer Writer to write
 * @throws IOException if an I/O error occurs.
 */
public void writeTo(Writer writer) throws IOException {
    if(length() == 0) {
        return;
    }
    writer.write(getBuffer(), 0, length());
}

/**
 * Writes a portion of the chars from the internal buffer directly to the provided {@link java.io.Writer} without making extra copies.
 *
 * @param writer Writer to write
 * @param offset Offset from which to start writing characters from the internal buffer
 * @param length Number of characters to write
 * @throws IOException if an I/O error occurs.
 * @throws StringIndexOutOfBoundsException if any of the following is true:
 *
 * {@code offset} is negative
 * {@code offset} is greater than {@code this.length()}
 * {@code length} is negative
 * {@code length} is greater than {@code this.length()}
 * {@code offset} and {@code length} combined is greater than {@code this.length()}
 *
 */
public void writeTo(Writer writer, int offset, int length) throws IOException {
    if(offset < 0 || offset > length()) {
        throw new StringIndexOutOfBoundsException(offset);
    }
    if(length < 0 || length > length()) {
        throw new StringIndexOutOfBoundsException(length);
    }
    if((offset + length) > length()) {
        throw new StringIndexOutOfBoundsException(length);
    }
    if(length == 0) {
        return;
    }
    writer.write(getBuffer(), offset, length);
}
{code}
[jira] [Created] (BCEL-363) ConstantPoolGen can generate constant pools that are too large
Richard Atkins created BCEL-363: --- Summary: ConstantPoolGen can generate constant pools that are too large Key: BCEL-363 URL: https://issues.apache.org/jira/browse/BCEL-363 Project: Commons BCEL Issue Type: Bug Components: Main Reporter: Richard Atkins ConstantPoolGen does not limit the number of constants it writes to the Constant Pool, and can generate corrupted classfiles.
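The failure mode BCEL-363 describes, as an added example that is not BCEL code: a pool count written with `writeShort` keeps only its low 16 bits, so a reader stops early and treats the remaining constants as the fields that follow the pool. Assumptions: `MAX_CP_ENTRIES` here is 65535, the largest value the class-file `constant_pool_count` (a u2) can hold; the class and method names are hypothetical, and the pool is a constructed one holding only `CONSTANT_Integer` entries.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;

public class ConstantPoolCountDemo {
    // constant_pool_count is a u2 in the class-file format, so 65535 is the
    // largest value it can hold. Assumption: this matches Const.MAX_CP_ENTRIES.
    static final int MAX_CP_ENTRIES = 0xFFFF;
    static final int CONSTANT_INTEGER_TAG = 3; // CONSTANT_Integer: u1 tag + u4 value

    /** Serializes a constructed pool of poolLength slots (slot 0 unused), count unchecked. */
    static byte[] dumpUnchecked(int poolLength) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (DataOutputStream out = new DataOutputStream(bytes)) {
            out.writeShort(poolLength); // only the low 16 bits reach the stream
            for (int i = 1; i < poolLength; i++) {
                out.writeByte(CONSTANT_INTEGER_TAG);
                out.writeInt(i);
            }
        }
        return bytes.toByteArray();
    }

    /** Fail-closed variant: refuses a pool that the u2 count cannot describe. */
    static byte[] dumpChecked(int poolLength) throws IOException {
        if (poolLength > MAX_CP_ENTRIES) {
            throw new IllegalStateException(
                "constant pool has " + poolLength + " slots, limit is " + MAX_CP_ENTRIES);
        }
        return dumpUnchecked(poolLength);
    }

    /** Reads the pool back the way a class-file parser would: {count read, bytes left over}. */
    static int[] parse(byte[] data) throws IOException {
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(data))) {
            int count = in.readUnsignedShort();
            for (int i = 1; i < count; i++) {
                in.readUnsignedByte(); // tag
                in.readInt();          // value
            }
            // Anything left here would be misread as access_flags, this_class, ...
            return new int[] {count, in.available()};
        }
    }

    public static void main(String[] args) throws IOException {
        int[] sizes = {10, MAX_CP_ENTRIES, MAX_CP_ENTRIES + 1, MAX_CP_ENTRIES + 11};
        for (int slots : sizes) {
            int[] result = parse(dumpUnchecked(slots));
            System.out.printf("slots=%d count-read=%d unparsed-bytes=%d%n",
                slots, result[0], result[1]);
        }
        try {
            dumpChecked(MAX_CP_ENTRIES + 1);
        } catch (IllegalStateException e) {
            System.out.println("checked dump rejected: " + e.getMessage());
        }
    }
}
```

Rejecting the oversized pool before writing gives the caller an error at generation time, whereas the unchecked path only fails later, when something tries to load or verify the file.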