Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3007

Potential NPE in ReferenceCountedACLCache#deserialize

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.6.0
    • Fix Version/s: 3.5.4, 3.6.0, 3.4.13
    • Component/s: None
    • Labels:
      None

      Description

      Inspired by ZK-3006 , I develop a simple static analysis tool to find other Potential NPE like ZK-3006. This bug is found by this tool ,and I have carefully studied it.  But i am a newbie at here so i may be wrong, hope someone could confirm it and help me improve this tool.

      Bug describtion:

      callee BinaryInputArchive#startVector will return null:

      // code placeholder
      public Index startVector(String tag) throws IOException {
          int len = readInt(tag);
           if (len == -1) {
           return null;
      }
      

      and caller ReferenceCountedACLCache#deserialize  call it without null check

      // code placeholder
      Index j = ia.startVector("acls");
      while (!j.done()) {
        ACL acl = new ACL();
        acl.deserialize(ia, "acl");
      }

      but all the other 14 caller of BinaryInputArchive#startVector performs null checker like:

      // code placeholder
      Index vidx1 = a_.startVector("acl");
        if (vidx1!= null)
           for (; !vidx1.done(); vidx1.incr()){
           .....
          }
         }
      }
      

      so i think we also need add null check in caller ReferenceCountedACLCache#deserialize  just like other 14 caller

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                xiaoheipangzi lujie
                Reporter:
                xiaoheipangzi lujie
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: