From: "Michael Shuler (JIRA)"
To: commits@cassandra.apache.org
Date: Tue, 29 Jul 2014 18:10:39 +0000 (UTC)
Subject: [jira] [Resolved] (CASSANDRA-6263) Static Code Analysis Results: Null Dereference

     [ https://issues.apache.org/jira/browse/CASSANDRA-6263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Shuler resolved CASSANDRA-6263.
---------------------------------------
    Resolution: Incomplete

Since no verification has been received, I'm closing this as incomplete. You might be interested in CASSANDRA-7226 for C* >= 3.0 (trunk). Verification of each error and patches where appropriate would be most welcome.

> Static Code Analysis Results: Null Dereference
> ----------------------------------------------
>
>                 Key: CASSANDRA-6263
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-6263
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>            Reporter: Sherif Mansour
>            Priority: Minor
>              Labels: Security
>
> I would like to contribute to the Cassandra community by raising bugs for code quality issues.
> The first bug type I am raising for is Null Dereference.
> Additionally, I can raise bugs for security issues; however, I cannot find the responsible disclosure process for the Cassandra team. These issues would need to be private for obvious reasons.
> The issues
> 01) The method deleteStatement() in CqlParser.java can crash the program by dereferencing a null pointer on line 2034.
> 02) The method columnOperation() in CqlParser.java can crash the program by dereferencing a null pointer on line 6338.
> 03) The method isSatisfiedBy() in ExtendedFilter.java can crash the program by dereferencing a null pointer on line 316.
> 04) The method run() in IndexedRangeSlicer.java can crash the program by dereferencing a null pointer on line 101.
> 05) The method scrub() in Scrubber.java can crash the program by dereferencing a null pointer on line 169.
> 06) The method processColumnFamily() in SelectStatement.java can crash the program by dereferencing a null pointer on line 901.
> 07) The method accept() in SSTableLoader.java can crash the program by dereferencing a null pointer on line 81.
> 08) The method buildSummary() in SSTableReader.java can crash the program by dereferencing a null pointer on line 469.
> 09) The method buildSummary() in SSTableReader.java can crash the program by dereferencing a null pointer on line 476.
> 10) The method fetchRows() in StorageProxy.java can crash the program by dereferencing a null pointer on line 1280.
> 11) The method fetchRows() in StorageProxy.java can crash the program by dereferencing a null pointer on line 1297.
> 12) The method groupSuperColumns() in SuperColumns.java can crash the program by dereferencing a null pointer on line 99.
> Recommendations:
> Implement careful checks before dereferencing objects that might be null. When possible, abstract null checks into wrappers around code that manipulates resources to ensure that they are applied in all cases and to minimize the places where mistakes can occur.
> PLEASE NOTE: These issues do require manual verification as some might be false positives.

--
This message was sent by Atlassian JIRA
(v6.2#6252)