You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@dubbo.apache.org by GitBox <gi...@apache.org> on 2021/07/01 06:58:52 UTC

[GitHub] [dubbo] containerAnalyzer opened a new issue #8195: One NPE in dubbo/container/Main.java

containerAnalyzer opened a new issue #8195:
URL: https://github.com/apache/dubbo/issues/8195


   Hello,
   Our static analyzer found a following potential NPE. We have checked the feasibility of this execution trace. It is necessary to defend this vulnerability to improve the code quality.
   
   1. Return **null** to caller (Trace staring point)
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-common/src/main/java/org/apache/dubbo/common/extension/ExtensionLoader.java#L466
   
   2. Function **getDefaultExtension** executes, stores the return value to **defaultextension** (**defaultextension** can be **null**) and return **defaultextension** to caller, which can be null 
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-common/src/main/java/org/apache/dubbo/common/extension/ExtensionLoader.java#L434
   
   3. Return the return value of function **getExtension** to caller
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-common/src/main/java/org/apache/dubbo/common/extension/ExtensionLoader.java#L426
   
   4. Function **getExtension** executes and stores the return value to **extension** (extension can be null)
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java#L63
   
   5. Function **add** executes and **containers** contains null as its elements.
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java#L63
   
   6. Function **next** executes and return **null** value
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java#L89
   
   7. The return value of function **next** is passed as the this pointer to function **start** (the return value of function **next** can be null), which will leak to null pointer dereference
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java#L90
   
   Commit: f26ba91b67f642148a10d3b197502e29928b77bf
   
   
   ContainerAnalyzer


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] xh1202 commented on issue #8195: One NPE in dubbo/container/Main.java

Posted by GitBox <gi...@apache.org>.

xh1202 commented on issue #8195:
URL: https://github.com/apache/dubbo/issues/8195#issuecomment-927124989


   It has already been fixed by #8215 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] wangchengming666 commented on issue #8195: One NPE in dubbo/container/Main.java

Posted by GitBox <gi...@apache.org>.

wangchengming666 commented on issue #8195:
URL: https://github.com/apache/dubbo/issues/8195#issuecomment-927125889


   > It has already been fixed by #8215
   
   ok


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] xh1202 commented on issue #8195: One NPE in dubbo/container/Main.java

Posted by GitBox <gi...@apache.org>.

xh1202 commented on issue #8195:
URL: https://github.com/apache/dubbo/issues/8195#issuecomment-872872518


   I will fix it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] CrazyHZM closed issue #8195: One NPE in dubbo/container/Main.java

Posted by GitBox <gi...@apache.org>.

CrazyHZM closed issue #8195:
URL: https://github.com/apache/dubbo/issues/8195


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] colin-ife-snyk commented on issue #8195: One NPE in dubbo/container/Main.java

Posted by GitBox <gi...@apache.org>.

colin-ife-snyk commented on issue #8195:
URL: https://github.com/apache/dubbo/issues/8195#issuecomment-922967952


   Any update on this? Has it been fixed yet?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] wangchengming666 commented on issue #8195: One NPE in dubbo/container/Main.java

Posted by GitBox <gi...@apache.org>.

wangchengming666 commented on issue #8195:
URL: https://github.com/apache/dubbo/issues/8195#issuecomment-927125940


   @containerAnalyzer pls close issue


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] wangchengming666 commented on issue #8195: One NPE in dubbo/container/Main.java

Posted by GitBox <gi...@apache.org>.

wangchengming666 commented on issue #8195:
URL: https://github.com/apache/dubbo/issues/8195#issuecomment-927123717


   I will fix it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org