Derby
  1. Derby
  2. DERBY-6081

JDBC 4.2 setObject() and updateObject() methods throw NPE when type is null

    Details

      Description

      If the SQLType argument to the new JDBC 4.2 methods in PreparedStatement and ResultSet is null, the call will fail with a NullPointerException. It should fail with an SQLException.

      Stack trace on embedded:

      java.lang.NullPointerException
      at org.apache.derby.impl.jdbc.Util42.getTypeAsInt(Util42.java:57)
      at org.apache.derby.impl.jdbc.EmbedPreparedStatement42.setObject(EmbedPreparedStatement42.java:57)

      Stack trace on client:

      java.lang.NullPointerException
      at org.apache.derby.client.am.Utils42.getTypeAsInt(Utils42.java:55)
      at org.apache.derby.client.am.PreparedStatement42.setObject(PreparedStatement42.java:78)

      1. d6081-1a.diff
        5 kB
        Knut Anders Hatlen

        Activity

        Hide
        Knut Anders Hatlen added a comment -

        The current code detects that an invalid type is specified and tries to create an SQLException to report it. When creating the SQLException, it calls toString() on the type object in order to produce the message text. Since the object is null, a NullPointerException is thrown.

        The factory methods that create SQLExceptions don't require message arguments to be strings, they could be any object type. Eventually, MessageFormat will call toString() on them, but it will first check for null values in order to prevent NullPointerExceptions.

        The attached patch changes the code that produces the SQLException so that it simply passes the SQLType object to the message formatter without calling toString() on it first. This prevents the NullPointerException and makes setObject() and updateObject() produce an SQLException with the following message text instead:

        java.sql.SQLFeatureNotSupportedException: The data type 'null' is not supported.

        The patch adds test cases to PreparedStatementTest42. This test fails with NPE without the suggested fix, and runs cleanly when the fix is applied. I've started the full regression test suite on JDK 8. Will report back when it has completed.

        Show
        Knut Anders Hatlen added a comment - The current code detects that an invalid type is specified and tries to create an SQLException to report it. When creating the SQLException, it calls toString() on the type object in order to produce the message text. Since the object is null, a NullPointerException is thrown. The factory methods that create SQLExceptions don't require message arguments to be strings, they could be any object type. Eventually, MessageFormat will call toString() on them, but it will first check for null values in order to prevent NullPointerExceptions. The attached patch changes the code that produces the SQLException so that it simply passes the SQLType object to the message formatter without calling toString() on it first. This prevents the NullPointerException and makes setObject() and updateObject() produce an SQLException with the following message text instead: java.sql.SQLFeatureNotSupportedException: The data type 'null' is not supported. The patch adds test cases to PreparedStatementTest42. This test fails with NPE without the suggested fix, and runs cleanly when the fix is applied. I've started the full regression test suite on JDK 8. Will report back when it has completed.
        Hide
        Bryan Pendleton added a comment -

        Nice and clean, I like it!

        Show
        Bryan Pendleton added a comment - Nice and clean, I like it!
        Hide
        Knut Anders Hatlen added a comment -

        Thank you, Bryan!

        The test run failed in Changes10_10.testFloatLimits() and SystemPrivilegesPermissionTest.policyTestDatabasePermissionGrants(). The former also fails in the continuous testing, and the latter fails on Java 8 in my environment without the patch, so I believe they are both unrelated to my patch.

        Committed revision 1448278.

        Show
        Knut Anders Hatlen added a comment - Thank you, Bryan! The test run failed in Changes10_10.testFloatLimits() and SystemPrivilegesPermissionTest.policyTestDatabasePermissionGrants(). The former also fails in the continuous testing, and the latter fails on Java 8 in my environment without the patch, so I believe they are both unrelated to my patch. Committed revision 1448278.

          People

          • Assignee:
            Knut Anders Hatlen
            Reporter:
            Knut Anders Hatlen
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development