Replies: 1 comment
-
Hi everyone,

I came across a CodeQL security/static analysis alert related to the file node_modules/react-native-svg/android/src/main/java/com/horcrux/svg/PathParser.java (line 473), which raised a concern about potential numeric precision loss. The alert specifically mentions that there may be an implicit narrowing conversion when using compound assignment (+=), and this could lead to precision loss or numeric errors.

I wanted to check with the maintainers and the community regarding this:

Is this behavior intentional? For example, is the potential loss of precision acceptable due to performance concerns, or is it part of the design for this specific context?

Could this cause issues in certain edge cases? If so, are there specific scenarios (like very large or small numbers) where this could lead to unexpected results or errors?

If this is a valid concern, would the maintainers be open to a pull request (PR) to address the issue, such as explicitly casting the value to prevent narrowing or loss of precision?

I’d love to hear your thoughts or any feedback regarding this! Thank you for your time and consideration!
-
Hi team,
I received a CodeQL security/static analysis alert in my project regarding potential numeric precision loss in:
node_modules/react-native-svg/android/src/main/java/com/horcrux/svg/PathParser.java:473
The alert suggests that there might be an implicit narrowing conversion when using compound assignment (+=) which could potentially lead to information loss and numeric errors. I wanted to check with the maintainers:
Thank you for your time and clarification!
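What the alert describes, as an added example that is not part of the posts above and not code from react-native-svg: in Java, `x += y` compiles as `x = (T) (x + y)`, where `T` is the type of `x`, so a wider right-hand side is narrowed without a visible cast. The class, method names and sample values are constructed; the contents of PathParser.java line 473 are not shown on this page and are not reproduced here.

```java
// Added illustration, not code from react-native-svg; all names are hypothetical.
public class CompoundNarrowingDemo {

    // float accumulator, double right-hand side. `acc = acc + delta` would not
    // compile, but `acc += delta` does: it means `acc = (float) (acc + delta)`.
    static float implicitNarrowing(float acc, double delta) {
        acc += delta;
        return acc;
    }

    // Same result with the narrowing written out, so a reviewer can see it.
    static float explicitNarrowing(float acc, double delta) {
        return (float) (acc + delta);
    }

    // Alternative: keep the running value in a double and narrow only at the end.
    static double widened(double acc, double delta) {
        return acc + delta;
    }

    // int target: the hidden cast truncates toward zero and saturates at the int range.
    static int intTarget(int acc, double delta) {
        acc += delta;
        return acc;
    }

    public static void main(String[] args) {
        double[] deltas = {0.1, 1e-9, 1e39}; // constructed sample values
        for (double d : deltas) {
            float implicit = implicitNarrowing(1.0f, d);
            float explicit = explicitNarrowing(1.0f, d);
            double wide = widened(1.0, d);
            boolean lost = Double.compare(implicit, wide) != 0;
            System.out.printf("delta=%s implicit=%s explicit=%s double=%s differs=%b%n",
                    d, implicit, explicit, wide, lost);
        }
        System.out.println("int 1 += 0.9 -> " + intTarget(1, 0.9));
        System.out.println("int MAX += 1e12 -> " + intTarget(Integer.MAX_VALUE, 1e12));
    }
}
```

The three sample deltas cover rounding to the nearest float, an increment too small for a float to register, and a sum beyond the float range; whether any of these matter for a given line depends on the operand types and value ranges at that line.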