New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NullPointerException vulnerability in StringTreeBuilder #163

Closed
frizbog opened this Issue Sep 27, 2016 · 3 comments

Comments

Projects
None yet
1 participant
@frizbog
Owner

frizbog commented Sep 27, 2016

User reports following crash:

Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.String java.lang.String.intern()' on a null object reference at org.gedcom4j.parser.StringTreeBuilder.addNewNode(StringTreeBuilder.java) at org.gedcom4j.parser.StringTreeBuilder.getTree(StringTreeBuilder.java) appendLine(StringTreeBuilder.java) at org.gedcom4j.parser.GedcomParser.load(GedcomParser.java) ...

Will address in 3.2.2 release and 4.0 release.

@frizbog frizbog self-assigned this Sep 27, 2016

@frizbog frizbog added the bug label Sep 27, 2016

@frizbog

This comment has been minimized.

Owner

frizbog commented Sep 27, 2016

The problem here was that there was no valid tag value in the line to intern, which means a malformed file or something to that effect. There's no way to recover from this, but a GedcomParserException would be preferable to a NullPointerException, so that's what I'm doing.

frizbog added a commit that referenced this issue Sep 27, 2016

frizbog added a commit that referenced this issue Sep 27, 2016

frizbog added a commit that referenced this issue Sep 27, 2016

frizbog added a commit that referenced this issue Sep 27, 2016

@frizbog

This comment has been minimized.

Owner

frizbog commented Sep 27, 2016

3.2.2-SNAPSHOT as of 2016-09-27T18:30:47-04:00 has a fix (which is to change the exception thrown, with a somewhat helpful message)
4.0.0-SNAPSHOT as of 2016-09-27T18:35:14-04:00 has the same fix.

@frizbog

This comment has been minimized.

Owner

frizbog commented Sep 29, 2016

Released in v3.2.2

@frizbog frizbog closed this Sep 29, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment