Major Description
Inspired by ZK-3006 , I develop a simple static analysis tool to find other Potential NPE like ZK-3006. This bug is found by this tool ,and I have carefully studied it. But i am a newbie at here so i may be wrong, hope someone could confirm it and help me improve this tool.
Bug describtion:
callee BinaryInputArchive#startVector will return null:
// code placeholder public Index startVector(String tag) throws IOException { int len = readInt(tag); if (len == -1) { return null; }
and caller ReferenceCountedACLCache#deserialize call it without null check
// code placeholder Index j = ia.startVector("acls"); while (!j.done()) { ACL acl = new ACL(); acl.deserialize(ia, "acl"); }
but all the other 14 caller of BinaryInputArchive#startVector performs null checker like:
// code placeholder Index vidx1 = a_.startVector("acl"); if (vidx1!= null) for (; !vidx1.done(); vidx1.incr()){ ..... } } }
so i think we also need add null check in caller ReferenceCountedACLCache#deserialize just like other 14 caller
Attachments
Issue Links
- links to
