[
https://issues.apache.org/jira/browse/ARTEMIS-4663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17839191#comment-17839191
]
Justin Bertram commented on ARTEMIS-4663:
-----------------------------------------
Any exception thrown here (including an NPE) will be handled by
{{org.apache.activemq.artemis.core.protocol.mqtt.MQTTSessionCallback#sendMessage}}.
> Possible dereference of null in MQTTPublishManager
> --------------------------------------------------
>
> Key: ARTEMIS-4663
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4663
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Affects Versions: 2.32.0
> Reporter: Andrey Slepykh
> Priority: Major
> Labels: dereference-of-null
>
> Return value of a function
> [readNullableSimpleString|https://github.com/apache/activemq-artemis/blob/fb1b362b473cad51ae5d05a897be02b1fa8461d4/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTPublishManager.java#L377]
> is dereferenced at
> [MQTTPublishManager.java:378|https://github.com/apache/activemq-artemis/blob/fb1b362b473cad51ae5d05a897be02b1fa8461d4/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTPublishManager.java#L378]
> without checking for null, but it is usually checked for this function.
> Since the readNullableSimpleString() function can return a null value, it may
> be worth adding a null check before using it on line 378.
> The
> [publishToClient|https://github.com/apache/activemq-artemis/blob/fb1b362b473cad51ae5d05a897be02b1fa8461d4/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTPublishManager.java#L371]
> private function can throw exceptions, but they are not handled anywhere in
> the class.
> Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.
> Author A. Burke.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
