zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-3007) Potential NPE in ReferenceCountedACLCache#deserialize
Date Wed, 25 Apr 2018 00:43:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-3007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16451452#comment-16451452
] 

ASF GitHub Bot commented on ZOOKEEPER-3007:
-------------------------------------------

Github user phunt commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/495#discussion_r183918644
  
    --- Diff: src/java/main/org/apache/zookeeper/server/ReferenceCountedACLCache.java ---
    @@ -109,6 +109,10 @@ public synchronized void deserialize(InputArchive ia) throws IOException
{
                 }
                 List<ACL> aclList = new ArrayList<ACL>();
                 Index j = ia.startVector("acls");
    +            if (j == null) {
    +                LOG.error("ERROR: incorrent format of InputArchive" + ia);
    --- End diff --
    
    You don't need an ERROR in the text here or on the next line. It's already LOG'd as an
error. Same for the next line - it's a RTE.
    
    Also you need a space  "... of InputArchive" -> ".... of InputArchive " (notice space
at the end. Otw the text of ia is just appended w/o the space. Also notice that ia doesn't
have a toString, so I'm not sure how helpful that is.... it's fine to leave I guess.


> Potential NPE in ReferenceCountedACLCache#deserialize 
> ------------------------------------------------------
>
>                 Key: ZOOKEEPER-3007
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3007
>             Project: ZooKeeper
>          Issue Type: Bug
>    Affects Versions: 3.6.0
>            Reporter: lujie
>            Priority: Major
>
> Inspired by ZK-3006 , I develop a simple static analysis tool to find other Potential
NPE like ZK-3006. This bug is found by this tool ,and I have carefully studied it.  But i
am a newbie at here so i may be wrong, hope someone could confirm it and help me improve
this tool.
> h3. Bug describtion:
> callee BinaryInputArchive#startVector will return null:
> {code:java}
> // code placeholder
> public Index startVector(String tag) throws IOException {
>     int len = readInt(tag);
>      if (len == -1) {
>      return null;
> }
> {code}
> and caller ReferenceCountedACLCache#deserialize  call it without null check
> {code:java}
> // code placeholder
> Index j = ia.startVector("acls");
> while (!j.done()) {
>   ACL acl = new ACL();
>   acl.deserialize(ia, "acl");
> }{code}
> but all the other 14 caller of BinaryInputArchive#startVector performs null checker
like:
> {code:java}
> // code placeholder
> Index vidx1 = a_.startVector("acl");
>   if (vidx1!= null)
>      for (; !vidx1.done(); vidx1.incr()){
>      .....
>     }
>    }
> }
> {code}
> so i think we also need add null check in caller ReferenceCountedACLCache#deserialize 
just like other 14 caller
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message