You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@iotdb.apache.org by GitBox <gi...@apache.org> on 2021/07/01 07:45:44 UTC

[GitHub] [iotdb] containerAnalyzer opened a new issue #3482: One NPE in UDTFDataSet.java

containerAnalyzer opened a new issue #3482:
URL: https://github.com/apache/iotdb/issues/3482


   Hello,
   Our static analyzer found a following potential NPE. We have checked the feasibility of this execution trace. It is necessary to defend this vulnerability to improve the code quality.
   
   1. Select the true branch at this point (instanceof<org.apache.iotdb.db.query.expression.unary.TimeSeriesOperand>(expression)==0 is true). Function add executes and paths constains null
   https://github.com/apache/iotdb/blob/8b1ee93c51932d72cb7fd7c5268f40f7b3a74f25/server/src/main/java/org/apache/iotdb/db/query/expression/unary/FunctionExpression.java#L170-L173
   
   2. Program reaches the return point, and returns paths, which contains null
   https://github.com/apache/iotdb/blob/8b1ee93c51932d72cb7fd7c5268f40f7b3a74f25/server/src/main/java/org/apache/iotdb/db/query/expression/unary/FunctionExpression.java#L176
   
   3. Function getPaths executes and stores the return value to paths (paths can be null)
   https://github.com/apache/iotdb/blob/8b1ee93c51932d72cb7fd7c5268f40f7b3a74f25/server/src/main/java/org/apache/iotdb/db/query/dataset/UDTFDataSet.java#L166
   
   4. Function get executes and returns
   https://github.com/apache/iotdb/blob/8b1ee93c51932d72cb7fd7c5268f40f7b3a74f25/server/src/main/java/org/apache/iotdb/db/query/dataset/UDTFDataSet.java#L169
   
   5. The return value of function get is passed as the this pointer to function getFullPath (the return value of function get can be null), which will leak to null pointer dereference
   https://github.com/apache/iotdb/blob/8b1ee93c51932d72cb7fd7c5268f40f7b3a74f25/server/src/main/java/org/apache/iotdb/db/query/dataset/UDTFDataSet.java#L169
   
   
   Commit: 8b1ee93c51932d72cb7fd7c5268f40f7b3a74f25
   
   
   
   
   ContainerAnalyzer


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [iotdb] HTHou closed issue #3482: One NPE in UDTFDataSet.java

Posted by GitBox <gi...@apache.org>.

HTHou closed issue #3482:
URL: https://github.com/apache/iotdb/issues/3482


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [iotdb] containerAnalyzer commented on issue #3482: One NPE in UDTFDataSet.java

Posted by GitBox <gi...@apache.org>.

containerAnalyzer commented on issue #3482:
URL: https://github.com/apache/iotdb/issues/3482#issuecomment-873363797


   Thank you for your confirmation.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [iotdb] SteveYurongSu commented on issue #3482: One NPE in UDTFDataSet.java

Posted by GitBox <gi...@apache.org>.

SteveYurongSu commented on issue #3482:
URL: https://github.com/apache/iotdb/issues/3482#issuecomment-873363486


   This is a correct discovery. An NPE can be triggered by executing a nested query in the CLI that is syntactically supported (but not supported on the user's documentation, the nested query is WIP). 
   
   example:
   select sin(sin(s1)) from root.sg1.d1
   
   Currently, we use `paths.get(i).getFullPath()` to get a reader index of a udtf plan, which may cause a NPE. After introducing nested query, we will use the column name to get the reader index, and all `paths` will be replaced by `columns` (we are doing the cleaning), at that time, there will be no NPEs.
   
   Thanks for the discovery!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@iotdb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org