Bug 42722 - Potential NullPointerException in org.apache.catalina.servlets.CGIServlet
Summary: Potential NullPointerException in org.apache.catalina.servlets.CGIServlet
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 6.0.11
Hardware: Other All
: P2 normal (vote)
Target Milestone: default
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-06-22 05:21 UTC by Nils Hammar
Modified: 2008-10-08 06:57 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nils Hammar 2007-06-22 05:21:27 UTC
There is a potential NPE in CGIServlet, even if it's unlikely it may happen.

The following patch resolves this problem:

Index:
F:/Workspace/Apache2/tomcat6/java/org/apache/catalina/servlets/CGIServlet.java
===================================================================
---
F:/Workspace/Apache2/tomcat6/java/org/apache/catalina/servlets/CGIServlet.java
(revision 548385)
+++
F:/Workspace/Apache2/tomcat6/java/org/apache/catalina/servlets/CGIServlet.java
(working copy)
@@ -1631,7 +1631,6 @@
              * with major modifications by Martin Dengler
              */
             Runtime rt = null;
-            InputStream cgiOutput = null;
             BufferedReader commandsStdErr = null;
             BufferedOutputStream commandsStdIn = null;
             Process proc = null;
@@ -1700,7 +1699,9 @@
                     new HTTPHeaderInputStream(proc.getInputStream());
                 BufferedReader cgiHeaderReader =
                     new BufferedReader(new InputStreamReader(cgiHeaderStream));
-            
+
+                InputStream cgiOutput = null;
+
                 while (isRunning) {
                     try {
                         //set headers
@@ -1763,7 +1764,10 @@
                 } //replacement for Process.waitFor()
     
                 // Close the output stream used
-                cgiOutput.close();
+                if (cgiOutput != null)
+                {
+                    cgiOutput.close();
+                }
             }
             catch (IOException e){
                 log ("Caught exception " + e);
Comment 1 Mark Thomas 2008-07-10 14:21:00 UTC
Thanks for the patch. A version of it has been applied to trunk and proposed for 6.0.x
Comment 2 William A. Rowe Jr. 2008-07-10 14:33:51 UTC
As Mark points out, this is a JAVA bug.  It's contingent on the Sun Java instsller
to provide msvcr71.

This is *NOT* a system library (msvcrt.dll is).  In fact MS expects everyone who
consumes it to install it privately, which is why it's flagged as a redist.

Please, don't waste your time and ours by reopening.
Comment 3 Mark Thomas 2008-07-10 14:46:25 UTC
Wrong bug Bill.
Comment 4 William A. Rowe Jr. 2008-07-10 14:48:23 UTC
Glad this was reopened, and entirely unsure of what bugzilla or firefox just did to me :)

Thanks again Nils for this fix 
Comment 5 Mark Thomas 2008-10-08 06:57:38 UTC
This has been fixed in 6.0.x and is included in 6.0.18 onwards