Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| byte[] s = Arrays.copyOfRange(sign, 32, 64); | ||
| byte v = sign[64]; | ||
| if (v < 27) { | ||
| v += 27; //revId -> v |
Check failure
Code scanning / CodeQL
Implicit narrowing conversion in compound assignment High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 1 day ago
In general, this issue is fixed by avoiding compound assignments that rely on implicit narrowing casts. Instead, perform arithmetic in an appropriate wider type and then explicitly cast to the narrower type once, making the intent clear and allowing easy review of whether the cast is safe.
For this specific case, we want to preserve the existing behavior—v remains a byte, and when v < 27 we add 27 to it. To remove the implicit narrowing, we can rewrite v += 27; into a normal assignment that does an explicit cast after the addition, e.g. v = (byte) (v + 27);. The addition still happens in int, but now the narrowing back to byte is explicit and no longer hidden inside the compound operator. No other lines or types need to change, and no new imports or methods are required.
Concretely, in crypto/src/main/java/org/tron/common/crypto/Rsv.java, modify the body of the if (v < 27) block (around line 22) to replace v += 27; with v = (byte) (v + 27);. This keeps functionality identical while resolving the CodeQL warning.
| @@ -19,7 +19,7 @@ | ||
| byte[] s = Arrays.copyOfRange(sign, 32, 64); | ||
| byte v = sign[64]; | ||
| if (v < 27) { | ||
| v += 27; //revId -> v | ||
| v = (byte) (v + 27); //revId -> v | ||
| } | ||
| return new Rsv(r, s, v); | ||
| } |
3 participants
What does this PR do?
Merge master to develop