Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-8369

Avoid using Long.bitCount() in RightSet#size() since some implementation may introduce a security issue

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 4.1.4, 4.2, 4.3-milestone-1
    • Fix Version/s: 4.3-milestone-2
    • Component/s: Security
    • Labels:
      None
    • Difficulty:
      Trivial
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      Some versions of the Oracle/Sun implementation may have an issue with Long.bitCount(), see:

      [Java 6] Wrong results from basic comparisons after calls to Long.bitCount(long)
      pmd : XPathRule_1339015068
      See Bug ID : 7063674
      http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7063674

      So, for safety, we have copied the source used for the openJDK7 implementation as a replacement to the use of Long.bitCount().

        Attachments

          Activity

            People

            • Assignee:
              softec Denis Gervalle
              Reporter:
              softec Denis Gervalle
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: