lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiaoshan Sun (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (LUCENE-8075) Possible null pointer dereference in core/src/java/org/apache/lucene/codecs/blocktree/IntersectTermsEnum.java
Date Sun, 03 Dec 2017 09:13:00 GMT

     [ https://issues.apache.org/jira/browse/LUCENE-8075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Xiaoshan Sun updated LUCENE-8075:
---------------------------------
    Description: 
Possible null pointer dereference in core/src/java/org/apache/lucene/codecs/blocktree/IntersectTermsEnum.java.
at line 119. The fr.index may be NULL. This result is based on static analysis tools and the
proofs are:
*

{code:java}
106: if (fr.index == null) {

107:      fstReader = null;  // fr.index is Known NULL here.
    } else {
      fstReader = fr.index.getBytesReader();
    }

    // TODO: if the automaton is "smallish" we really
    // should use the terms index to seek at least to
    // the initial term and likely to subsequent terms
    // (or, maybe just fallback to ATE for such cases).
    // Else the seek cost of loading the frames will be
    // too costly.

119:    final FST.Arc<BytesRef> arc = fr.index.getFirstArc(arcs[0]); 
//  fr.index is dereferenced here and fr.index can be NULL if 107 is arrived.
{code}

*
It is not sure if fr.index can be NULL in runtime.
We think it is reasonable to fix it by a test if fr.index is NULL and an error handling.

--------------
Please Refer to "Trusted Operating System and System Assurance Working Group, TCA, Institute
of Software, Chinese Academy of Sciences" in the acknowledgement if applicable.


  was:
Possible null pointer dereference in core/src/java/org/apache/lucene/codecs/blocktree/IntersectTermsEnum.java.

This result is based on static analysis tools and the proofs are:
*

{code:java}
106: if (fr.index == null) {

107:      fstReader = null;  // fr.index is Known NULL here.
    } else {
      fstReader = fr.index.getBytesReader();
    }

    // TODO: if the automaton is "smallish" we really
    // should use the terms index to seek at least to
    // the initial term and likely to subsequent terms
    // (or, maybe just fallback to ATE for such cases).
    // Else the seek cost of loading the frames will be
    // too costly.

119:    final FST.Arc<BytesRef> arc = fr.index.getFirstArc(arcs[0]); 
//  fr.index is dereferenced here and fr.index can be NULL if 107 is arrived.
{code}

*

We think it is reasonable to fix it by a test if fr.index is NULL and an error handling.

--------------
Please Refer to "Trusted Operating System and System Assurance Working Group, TCA, Institute
of Software, Chinese Academy of Sciences" in the acknowledgement if applicable.



> Possible null pointer dereference in core/src/java/org/apache/lucene/codecs/blocktree/IntersectTermsEnum.java
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: LUCENE-8075
>                 URL: https://issues.apache.org/jira/browse/LUCENE-8075
>             Project: Lucene - Core
>          Issue Type: Bug
>          Components: core/codecs
>    Affects Versions: 7.1
>            Reporter: Xiaoshan Sun
>              Labels: easyfix, security
>   Original Estimate: 10m
>  Remaining Estimate: 10m
>
> Possible null pointer dereference in core/src/java/org/apache/lucene/codecs/blocktree/IntersectTermsEnum.java.
> at line 119. The fr.index may be NULL. This result is based on static analysis tools
and the proofs are:
> *
> {code:java}
> 106: if (fr.index == null) {
> 107:      fstReader = null;  // fr.index is Known NULL here.
>     } else {
>       fstReader = fr.index.getBytesReader();
>     }
>     // TODO: if the automaton is "smallish" we really
>     // should use the terms index to seek at least to
>     // the initial term and likely to subsequent terms
>     // (or, maybe just fallback to ATE for such cases).
>     // Else the seek cost of loading the frames will be
>     // too costly.
> 119:    final FST.Arc<BytesRef> arc = fr.index.getFirstArc(arcs[0]); 
> //  fr.index is dereferenced here and fr.index can be NULL if 107 is arrived.
> {code}
> *
> It is not sure if fr.index can be NULL in runtime.
> We think it is reasonable to fix it by a test if fr.index is NULL and an error handling.
> --------------
> Please Refer to "Trusted Operating System and System Assurance Working Group, TCA, Institute
of Software, Chinese Academy of Sciences" in the acknowledgement if applicable.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message