You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Dave Brosius (JIRA)" <ji...@apache.org> on 2016/08/31 01:02:20 UTC
[jira] [Commented] (CASSANDRA-12567) Null Dereference
[ https://issues.apache.org/jira/browse/CASSANDRA-12567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15450656#comment-15450656 ]
Dave Brosius commented on CASSANDRA-12567:
------------------------------------------
this check
validator = dataType == null ? null : dataType.prepare(keyspace());
seems overly cautious. as pointed out, if there's no dataType all kinds of bad things are going to happen.
not sure why that check is there. seems like a red herring.
> Null Dereference
> ----------------
>
> Key: CASSANDRA-12567
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12567
> Project: Cassandra
> Issue Type: Sub-task
> Reporter: Eduardo Aguinaga
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis includes the issue below.
> Issue:
> In the file AlterTableStatement.java on lines 139, 190 & 192, a null dereference may occur by referencing the member validator, which can be assigned null on line 96. at the beginning of the method announceMigration.
> {code:java}
> AlterTableStatement.java, lines 88-139:
> 088 public Event.SchemaChange announceMigration(boolean isLocalOnly) throws RequestValidationException
> 089 {
> . . .
> 096 CQL3Type validator = this.validator == null ? null : this.validator.prepare(keyspace());
> . . .
> 108 switch (oType)
> 109 {
> 110 case ADD:
> . . .
> 138
> 139 AbstractType<?> type = validator.getType();
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)