[jira] [Updated] (ZOOKEEPER-3009) Potential NPE: class NIOServerCnxn has two method can return null

Mon, 26 Mar 2018 01:20:20 -0700 

     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-3009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated ZOOKEEPER-3009:
-----------------------------
    Description: 
After ZK-3006 , I develop a very simple static analysis tool to find other 
Potential NPE like ZK-3006, this bug is found by this tool ;Although i 
carefully studied it, but due to i am a newbie here, hopefully someone can 
confirm it and help me improve this tool.
h2. Bug description:

 class NIOServerCnxn has three method :getSocketAddress,getRemoteSocketAddress 
can return null just like :
{code:java}
// code placeholder
if (sock.isOpen() == false) {
  return null;
}
{code}
some of their caller give null checker, some(total 3 list in below) are not. 
{code:java}
// ServerCnxn#getConnectionInfo
Map<String, Object> info = new LinkedHashMap<String, Object>();
info.put("remote_socket_address", getRemoteSocketAddress());// Map.put will 
throw NPE if parameter is null

//IPAuthenticationProvider#handleAuthentication
tring id = cnxn.getRemoteSocketAddress().getAddress().getHostAddress();
cnxn.addAuthInfo(new Id(getScheme(), id));// finally call Set.add(it will throw 
NPE if parameter is null )

//NIOServerCnxnFactory#addCnxn
InetAddress addr = cnxn.getSocketAddress();
Set<NIOServerCnxn> set = ipMap.get(addr);// Map.get will throw NPE if parameter 
is null{code}
I think we should add null check in above three caller .

 

  was:
After ZK-3006 , I develop a very simple static analysis tool to find other 
Potential NPE like ZK-3006, this bug is found by this tool ;Although i 
carefully studied it, but due to i am a newbie here, hopefully someone can 
confirm it.
h2. Bug description:

 class NIOServerCnxn has three method :getSocketAddress,getRemoteSocketAddress 
can return null just like :
{code:java}
// code placeholder
if (sock.isOpen() == false) {
  return null;
}
{code}
some of their caller give null checker, some(total 3 list in below) are not. 
{code:java}
// ServerCnxn#getConnectionInfo
Map<String, Object> info = new LinkedHashMap<String, Object>();
info.put("remote_socket_address", getRemoteSocketAddress());// Map.put will 
throw NPE if parameter is null

//IPAuthenticationProvider#handleAuthentication
tring id = cnxn.getRemoteSocketAddress().getAddress().getHostAddress();
cnxn.addAuthInfo(new Id(getScheme(), id));// finally call Set.add(it will throw 
NPE if parameter is null )

//NIOServerCnxnFactory#addCnxn
InetAddress addr = cnxn.getSocketAddress();
Set<NIOServerCnxn> set = ipMap.get(addr);// Map.get will throw NPE if parameter 
is null{code}
I think we should add null check in above three caller .

 


> Potential NPE: class NIOServerCnxn has two method can return null
> -----------------------------------------------------------------
>
>                 Key: ZOOKEEPER-3009
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3009
>             Project: ZooKeeper
>          Issue Type: Bug
>            Reporter: lujie
>            Priority: Major
>
> After ZK-3006 , I develop a very simple static analysis tool to find other 
> Potential NPE like ZK-3006, this bug is found by this tool ;Although i 
> carefully studied it, but due to i am a newbie here, hopefully someone can 
> confirm it and help me improve this tool.
> h2. Bug description:
>  class NIOServerCnxn has three method 
> :getSocketAddress,getRemoteSocketAddress can return null just like :
> {code:java}
> // code placeholder
> if (sock.isOpen() == false) {
>   return null;
> }
> {code}
> some of their caller give null checker, some(total 3 list in below) are not. 
> {code:java}
> // ServerCnxn#getConnectionInfo
> Map<String, Object> info = new LinkedHashMap<String, Object>();
> info.put("remote_socket_address", getRemoteSocketAddress());// Map.put will 
> throw NPE if parameter is null
> //IPAuthenticationProvider#handleAuthentication
> tring id = cnxn.getRemoteSocketAddress().getAddress().getHostAddress();
> cnxn.addAuthInfo(new Id(getScheme(), id));// finally call Set.add(it will 
> throw NPE if parameter is null )
> //NIOServerCnxnFactory#addCnxn
> InetAddress addr = cnxn.getSocketAddress();
> Set<NIOServerCnxn> set = ipMap.get(addr);// Map.get will throw NPE if 
> parameter is null{code}
> I think we should add null check in above three caller .
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to