karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Resolved] (KARAF-4212) Null Dereference
Date Sat, 28 Jan 2017 05:19:24 GMT

     [ https://issues.apache.org/jira/browse/KARAF-4212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jean-Baptiste Onofré resolved KARAF-4212.
-----------------------------------------
       Resolution: Won't Fix
    Fix Version/s:     (was: 4.0.9)
                       (was: 4.1.0)

The load test command uses here a latch. As it runs in OSGi, the bundle/framework can't be
null.

> Null Dereference
> ----------------
>
>                 Key: KARAF-4212
>                 URL: https://issues.apache.org/jira/browse/KARAF-4212
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis
on the karaf source code.
> The method execute() in LoadTest.java can crash the program by dereferencing a null pointer
on line 71.
> File: bundle/core/src/main/java/org/apache/karaf/bundle/command/LoadTest.java
> Line: 71
> LoadTest.java, lines 65-74:
> {code}
> 65 @Override
> 66 public Object execute() throws Exception {
> 67     if (!confirm(session)) {
> 68         return null;
> 69     }
> 70     final BundleContext bundleContext = this.bundleContext.getBundle(0).getBundleContext();
> 71     final FrameworkWiring wiring = bundleContext.getBundle().adapt(FrameworkWiring.class);
> 72     final CountDownLatch latch = new CountDownLatch(threads);
> 73     final Bundle[] bundles = bundleContext.getBundles();
> 74     final AtomicBoolean[] locks = new AtomicBoolean[bundles.length];
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message