Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
3.6.0
-
None
-
None
Description
Inspired by ZK-3006 , I develop a simple static analysis tool to find other Potential NPE like ZK-3006. This bug is found by this tool ,and I have carefully studied it. But i am a newbie at here so i may be wrong, hope someone could confirm it and help me improve this tool.
Bug description:
callee :SecurityUtils#createSaslClient will return null while encounter exception
// code placeholder catch (Exception e) { LOG.error("Exception while trying to create SASL client", e); return null; }
but its caller has no null check just like:
// code placeholder sc = SecurityUtils.createSaslClient(); if (sc.hasInitialResponse()) { responseToken = createSaslToken(new byte[0], sc, learnerLogin); }
I think we should add null check in caller while callee return null
Attachments
Issue Links
- links to