From c5febf4a482360303fe398404751adcf04cca958 Mon Sep 17 00:00:00 2001
From: halibobo1205 <halibobo1205@gmail.com>
Date: Wed, 15 Oct 2025 14:44:57 +0800
Subject: [PATCH] fix(CodeQL): resolve warning for implicit narrowing
 conversion

---
 .../tron/core/service/MortgageService.java    |  2 +-
 .../main/java/org/tron/common/crypto/Rsv.java |  2 +-
 .../java/org/tron/core/capsule/utils/RLP.java |  2 +-
 .../tron/core/zen/address/SpendingKey.java    |  2 +-
 .../math/ImplicitNarrowingConversionTest.java | 75 +++++++++++++++++++
 5 files changed, 79 insertions(+), 4 deletions(-)
 create mode 100644 framework/src/test/java/org/tron/common/math/ImplicitNarrowingConversionTest.java

diff --git a/chainbase/src/main/java/org/tron/core/service/MortgageService.java b/chainbase/src/main/java/org/tron/core/service/MortgageService.java
index f0182503ae8..8feee11f00d 100644
--- a/chainbase/src/main/java/org/tron/core/service/MortgageService.java
+++ b/chainbase/src/main/java/org/tron/core/service/MortgageService.java
@@ -182,7 +182,7 @@ private long computeReward(long cycle, List<Pair<byte[], Long>> votes) {
       }
       long userVote = vote.getValue();
       double voteRate = (double) userVote / totalVote;
-      reward += (long) (voteRate * totalReward);
+      reward = (long) (reward + voteRate * totalReward);
     }
     return reward;
   }
diff --git a/crypto/src/main/java/org/tron/common/crypto/Rsv.java b/crypto/src/main/java/org/tron/common/crypto/Rsv.java
index 136a77a4592..91d3f181778 100644
--- a/crypto/src/main/java/org/tron/common/crypto/Rsv.java
+++ b/crypto/src/main/java/org/tron/common/crypto/Rsv.java
@@ -19,7 +19,7 @@ public static Rsv fromSignature(byte[] sign) {
     byte[] s = Arrays.copyOfRange(sign, 32, 64);
     byte v = sign[64];
     if (v < 27) {
-      v += (byte) 27; //revId -> v
+      v = (byte) (v + 27); //revId -> v
     }
     return new Rsv(r, s, v);
   }
diff --git a/framework/src/main/java/org/tron/core/capsule/utils/RLP.java b/framework/src/main/java/org/tron/core/capsule/utils/RLP.java
index e5ace11206d..d6860255e9d 100644
--- a/framework/src/main/java/org/tron/core/capsule/utils/RLP.java
+++ b/framework/src/main/java/org/tron/core/capsule/utils/RLP.java
@@ -165,7 +165,7 @@ static short decodeShort(byte[] data, int index) {
       byte pow = (byte) (length - 1);
       for (int i = 1; i <= length; ++i) {
         // << (8 * pow) == bit shift to 0 (*1), 8 (*256) , 16 (*65..)
-        value += (short) ((data[index + i] & 0xFF) << (8 * pow));
+        value = (short) (value + ((data[index + i] & 0xFF) << (8 * pow)));
         pow--;
       }
     } else {
diff --git a/framework/src/main/java/org/tron/core/zen/address/SpendingKey.java b/framework/src/main/java/org/tron/core/zen/address/SpendingKey.java
index f7f030d00e2..44c0ef52348 100644
--- a/framework/src/main/java/org/tron/core/zen/address/SpendingKey.java
+++ b/framework/src/main/java/org/tron/core/zen/address/SpendingKey.java
@@ -89,7 +89,7 @@ public DiversifierT defaultDiversifier() throws BadItemException, ZksnarkExcepti
           throw new BadItemException(
               "librustzcash_check_diversifier does not return valid diversifier");
         }
-        blob[33] += (byte) 1;
+        blob[33] = (byte) (blob[33] + 1);
       } finally {
         JLibsodium.freeState(state);
       }
diff --git a/framework/src/test/java/org/tron/common/math/ImplicitNarrowingConversionTest.java b/framework/src/test/java/org/tron/common/math/ImplicitNarrowingConversionTest.java
new file mode 100644
index 00000000000..2c8d6a51605
--- /dev/null
+++ b/framework/src/test/java/org/tron/common/math/ImplicitNarrowingConversionTest.java
@@ -0,0 +1,75 @@
+package org.tron.common.math;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * @see <a
+ * href="https://codeql.github.com/codeql-query-help/java/java-implicit-cast-in-compound-assignment"
+ * >Implicit narrowing conversion in compound assignment</a>
+ *
+ */
+public class ImplicitNarrowingConversionTest {
+
+  @Test
+  public void test() {
+    long l = 36714;
+    double d = (double) 50 / 64400 * 2210208;
+    long l1 = method1(l,d);
+    long l2 = method2(l,d);
+    long l3 = method3(l,d);
+    // l1 = 38429
+    // l2 = l3 = 38430
+    // d = 1715.9999999999998
+    Assert.assertEquals(l2, l3);
+    Assert.assertNotEquals(l1, l2);
+    Assert.assertNotEquals(l1, l3);
+  }
+
+  /**
+   * code:
+   * <pre>{@code
+   *  0: lload_0 // load long l1
+   *  1: dload_2 // load double d
+   *  2: d2l // convert double d to long ((truncates decimal))
+   *  3: ladd // long + long integer addition
+   *  4: lreturn // return the result
+   * }</pre>
+   */
+  private long method1(long l1, double d) {
+    return l1 + (long) (d);
+  }
+
+  /**
+   * code:
+   * <pre>{@code
+   *  0: lload_0 // load long l2
+   *  1: l2d // promote long l2 to double
+   *  2: dload_2 // load double d
+   *  3: dadd // double + double floating-point addition
+   *  4: d2l // convert the result to long
+   *  5: lstore_0 // store the result back to long l2 (local variable)
+   *  6: lload_0 // reload l2 (for return)
+   *  7: lreturn // return the result
+   * }</pre>
+   */
+  private long method2(long l2, double d) {
+    l2 += d;
+    return l2;
+  }
+
+  /**
+   * code:
+   * <pre>{@code
+   *  0: lload_0 // load long l3
+   *  1: l2d // promote long l3 to double
+   *  2: dload_2 // load double d
+   *  3: dadd // double + double floating-point addition
+   *  4: d2l // convert the result to long
+   *  5: lreturn // return the result
+   * }</pre>
+   */
+  private long method3(long l3, double d) {
+    return (long) (l3 + d);
+  }
+}