cassandra-commits mailing list archives

From "Sherif Mansour (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CASSANDRA-6263) Static Code Analysis Results: Null Dereference
Date Tue, 29 Oct 2013 10:26:30 GMT
Sherif Mansour created CASSANDRA-6263:
-----------------------------------------

             Summary: Static Code Analysis Results: Null Dereference
                 Key: CASSANDRA-6263
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-6263
             Project: Cassandra
          Issue Type: Bug
          Components: Core
            Reporter: Sherif Mansour
            Priority: Minor


I would like to contribute to the Cassandra community by raising bugs for code quality issues.

The first bug type I am raising is Null Dereference.
Additionally, I can raise bugs for security issues; however, I cannot find the responsible disclosure
process for the Cassandra team. These issues would need to be private for obvious reasons.

The issues:
01) The method deleteStatement() in CqlParser.java can crash the program by dereferencing
a null pointer on line 2034.
02) The method columnOperation() in CqlParser.java can crash the program by dereferencing
a null pointer on line 6338.
03) The method isSatisfiedBy() in ExtendedFilter.java can crash the program by dereferencing
a null pointer on line 316.
04) The method run() in IndexedRangeSlicer.java can crash the program by dereferencing a null
pointer on line 101.
05) The method scrub() in Scrubber.java can crash the program by dereferencing a null pointer
on line 169.
06) The method processColumnFamily() in SelectStatement.java can crash the program by dereferencing
a null pointer on line 901.
07) The method accept() in SSTableLoader.java can crash the program by dereferencing a null
pointer on line 81.
08) The method buildSummary() in SSTableReader.java can crash the program by dereferencing
a null pointer on line 469.
09) The method buildSummary() in SSTableReader.java can crash the program by dereferencing
a null pointer on line 476.
10) The method fetchRows() in StorageProxy.java can crash the program by dereferencing a null
pointer on line 1280.
11) The method fetchRows() in StorageProxy.java can crash the program by dereferencing a null
pointer on line 1297.
12) The method groupSuperColumns() in SuperColumns.java can crash the program by dereferencing
a null pointer on line 99.

Recommendations:
Implement careful checks before dereferencing objects that might be null. When possible, abstract
null checks into wrappers around code that manipulates resources to ensure that they are applied
in all cases and to minimize the places where mistakes can occur.

PLEASE NOTE: These issues do require manual verification as some might be false positives.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
