Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2017/01/28 05:19:24 UTC

[jira] [Resolved] (KARAF-4212) Null Dereference

     [ https://issues.apache.org/jira/browse/KARAF-4212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré resolved KARAF-4212.
-----------------------------------------
       Resolution: Won't Fix
    Fix Version/s:     (was: 4.0.9)
                       (was: 4.1.0)

The load test command uses a latch here. As it runs in OSGi, the bundle/framework can't be null.

> Null Dereference
> ----------------
>
>                 Key: KARAF-4212
>                 URL: https://issues.apache.org/jira/browse/KARAF-4212
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the Karaf source code.
> The method execute() in LoadTest.java can crash the program by dereferencing a null pointer on line 71.
> File: bundle/core/src/main/java/org/apache/karaf/bundle/command/LoadTest.java
> Line: 71
> LoadTest.java, lines 65-74:
> {code}
> 65 @Override
> 66 public Object execute() throws Exception {
> 67     if (!confirm(session)) {
> 68         return null;
> 69     }
> 70     final BundleContext bundleContext = this.bundleContext.getBundle(0).getBundleContext();
> 71     final FrameworkWiring wiring = bundleContext.getBundle().adapt(FrameworkWiring.class);
> 72     final CountDownLatch latch = new CountDownLatch(threads);
> 73     final Bundle[] bundles = bundleContext.getBundles();
> 74     final AtomicBoolean[] locks = new AtomicBoolean[bundles.length];
> {code}


