New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
One NPE in dubbo/container/Main.java #8195
Labels
Comments
I will fix it. |
howie-xu
added a commit
to howie-xu/dubbo
that referenced
this issue
Jul 2, 2021
howie-xu
added a commit
to howie-xu/dubbo
that referenced
this issue
Jul 3, 2021
howie-xu
added a commit
to howie-xu/dubbo
that referenced
this issue
Jul 4, 2021
Any update on this? Has it been fixed yet? |
CrazyHZM
added
help wanted
Everything needs help from contributors
level/easy
type/bug
Bugs to being fixed
labels
Sep 24, 2021
I will fix it. |
This was referenced Sep 25, 2021
It has already been fixed by #8215 |
ok |
@containerAnalyzer pls close issue |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Hello,
Our static analyzer found a following potential NPE. We have checked the feasibility of this execution trace. It is necessary to defend this vulnerability to improve the code quality.
Return null to caller (Trace staring point)
dubbo/dubbo-common/src/main/java/org/apache/dubbo/common/extension/ExtensionLoader.java
Line 466 in f26ba91
Function getDefaultExtension executes, stores the return value to defaultextension (defaultextension can be null) and return defaultextension to caller, which can be null
dubbo/dubbo-common/src/main/java/org/apache/dubbo/common/extension/ExtensionLoader.java
Line 434 in f26ba91
Return the return value of function getExtension to caller
dubbo/dubbo-common/src/main/java/org/apache/dubbo/common/extension/ExtensionLoader.java
Line 426 in f26ba91
Function getExtension executes and stores the return value to extension (extension can be null)
dubbo/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java
Line 63 in f26ba91
Function add executes and containers contains null as its elements.
dubbo/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java
Line 63 in f26ba91
Function next executes and return null value
dubbo/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java
Line 89 in f26ba91
The return value of function next is passed as the this pointer to function start (the return value of function next can be null), which will leak to null pointer dereference
dubbo/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java
Line 90 in f26ba91
Commit: f26ba91
ContainerAnalyzer
The text was updated successfully, but these errors were encountered: