Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-4212

Null Dereference

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 4.0.3
    • None
    • None
    • None

    Description

      HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.

      The method execute() in LoadTest.java can crash the program by dereferencing a null pointer on line 71.

      File: bundle/core/src/main/java/org/apache/karaf/bundle/command/LoadTest.java
      Line: 71

      LoadTest.java, lines 65-74:

      65 @Override
66 public Object execute() throws Exception {
67     if (!confirm(session)) {
68         return null;
69     }
70     final BundleContext bundleContext = this.bundleContext.getBundle(0).getBundleContext();
71     final FrameworkWiring wiring = bundleContext.getBundle().adapt(FrameworkWiring.class);
72     final CountDownLatch latch = new CountDownLatch(threads);
73     final Bundle[] bundles = bundleContext.getBundles();
74     final AtomicBoolean[] locks = new AtomicBoolean[bundles.length];

      Attachments

        Activity

          People

            Unassigned Unassigned
            EdAInWestOC Eduardo Aguinaga
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: