karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eduardo Aguinaga (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-4212) Null Dereference
Date Tue, 15 Dec 2015 17:51:46 GMT
Eduardo Aguinaga created KARAF-4212:
---------------------------------------

             Summary: Null Dereference
                 Key: KARAF-4212
                 URL: https://issues.apache.org/jira/browse/KARAF-4212
             Project: Karaf
          Issue Type: Bug
    Affects Versions: 4.0.3
            Reporter: Eduardo Aguinaga


HP Fortify SCA and SciTools Understand were used to perform an application security analysis
on the karaf source code.

The method execute() in LoadTest.java can crash the program by dereferencing a null pointer
on line 71.

File: bundle/core/src/main/java/org/apache/karaf/bundle/command/LoadTest.java
Line: 71

LoadTest.java, lines 65-74:
65 @Override
66 public Object execute() throws Exception {
67     if (!confirm(session)) {
68         return null;
69     }
70     final BundleContext bundleContext = this.bundleContext.getBundle(0).getBundleContext();
71     final FrameworkWiring wiring = bundleContext.getBundle().adapt(FrameworkWiring.class);
72     final CountDownLatch latch = new CountDownLatch(threads);
73     final Bundle[] bundles = bundleContext.getBundles();
74     final AtomicBoolean[] locks = new AtomicBoolean[bundles.length];



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message