Skip to content

Fix ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT in DataConverter #253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 2, 2025
Merged

Fix ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT in DataConverter #253

merged 3 commits into from
Jul 2, 2025

Conversation

ic0ns
Copy link
Contributor

@ic0ns ic0ns commented Jun 30, 2025

Summary

  • Fixed SpotBugs ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT issue in DataConverter.java
  • Added proper masking (0xFF) when casting unsigned right shift results to byte
  • Added comprehensive tests for negative values to ensure correctness

Details

The issue was in the intToBytes() and longToBytes() methods where unsigned right shift operations (>>>) were being cast directly to byte without proper masking. This could cause issues with sign extension.

The fix adds & 0xFF masking to ensure only the lower 8 bits are preserved when casting from int/long to byte:

// Before
result[i] = (byte) (value >>> shift);

// After  
result[i] = (byte) ((value >>> shift) & 0xFF);

Test plan

  • Added new test methods testIntToBytesWithNegativeValues() and testLongToBytesWithNegativeValues()
  • Tests verify correct behavior with negative values (-1, -256)
  • Tests verify correct padding behavior when size is larger than the value type
  • All existing tests continue to pass
  • SpotBugs analysis should no longer report this issue

Developer and others added 2 commits June 30, 2025 09:38
Fix ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT in DataConverter
87c230d 
Fixed SpotBugs issue where unsigned right shift operations were being cast
directly to byte without proper masking. Added 0xFF mask to ensure only
the lower 8 bits are preserved when casting from int/long to byte.

- Modified intToBytes() to mask with 0xFF after right shift
- Modified longToBytes() to mask with 0xFF after right shift
- Added comprehensive tests for negative values to verify fix

This resolves potential issues with sign extension when casting the result
of unsigned right shift operations to smaller types.
@ic0ns
Merge branch 'main' into fix-icast-unsigned-shift
ad57aa9
@ic0ns
Copy link
Contributor Author

ic0ns commented Jun 30, 2025

Does not look too bad - need to check if correct

@TrueSkrillor TrueSkrillor merged commit 0c917e1 into tls-attacker:main Jul 2, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TrueSkrillor TrueSkrillor TrueSkrillor approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ic0ns @TrueSkrillor