Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2015/12/16 21:03:46 UTC
[jira] [Updated] (KARAF-4212) Null Dereference
[ https://issues.apache.org/jira/browse/KARAF-4212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-4212:
----------------------------------------
Description:
HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.
The method execute() in LoadTest.java can crash the program by dereferencing a null pointer on line 71.
File: bundle/core/src/main/java/org/apache/karaf/bundle/command/LoadTest.java
Line: 71
LoadTest.java, lines 65-74:
{code}
65     @Override
66     public Object execute() throws Exception {
67         if (!confirm(session)) {
68             return null;
69         }
70         final BundleContext bundleContext = this.bundleContext.getBundle(0).getBundleContext();
71         final FrameworkWiring wiring = bundleContext.getBundle().adapt(FrameworkWiring.class);
72         final CountDownLatch latch = new CountDownLatch(threads);
73         final Bundle[] bundles = bundleContext.getBundles();
74         final AtomicBoolean[] locks = new AtomicBoolean[bundles.length];
{code}
was:
HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.
The method execute() in LoadTest.java can crash the program by dereferencing a null pointer on line 71.
File: bundle/core/src/main/java/org/apache/karaf/bundle/command/LoadTest.java
Line: 71
LoadTest.java, lines 65-74:
65     @Override
66     public Object execute() throws Exception {
67         if (!confirm(session)) {
68             return null;
69         }
70         final BundleContext bundleContext = this.bundleContext.getBundle(0).getBundleContext();
71         final FrameworkWiring wiring = bundleContext.getBundle().adapt(FrameworkWiring.class);
72         final CountDownLatch latch = new CountDownLatch(threads);
73         final Bundle[] bundles = bundleContext.getBundles();
74         final AtomicBoolean[] locks = new AtomicBoolean[bundles.length];
> Null Dereference
> ----------------
>
> Key: KARAF-4212
> URL: https://issues.apache.org/jira/browse/KARAF-4212
> Project: Karaf
> Issue Type: Bug
> Affects Versions: 4.0.3
> Reporter: Eduardo Aguinaga
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.
> The method execute() in LoadTest.java can crash the program by dereferencing a null pointer on line 71.
> File: bundle/core/src/main/java/org/apache/karaf/bundle/command/LoadTest.java
> Line: 71
> LoadTest.java, lines 65-74:
> {code}
> 65     @Override
> 66     public Object execute() throws Exception {
> 67         if (!confirm(session)) {
> 68             return null;
> 69         }
> 70         final BundleContext bundleContext = this.bundleContext.getBundle(0).getBundleContext();
> 71         final FrameworkWiring wiring = bundleContext.getBundle().adapt(FrameworkWiring.class);
> 72         final CountDownLatch latch = new CountDownLatch(threads);
> 73         final Bundle[] bundles = bundleContext.getBundles();
> 74         final AtomicBoolean[] locks = new AtomicBoolean[bundles.length];
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
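
Added example, not part of the original message and not Karaf's own fix: the chained lookups from lines 70-71 of the quoted snippet, with each OSGi call that is documented to return null checked before its result is used. The class and method names are hypothetical.

```java
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.wiring.FrameworkWiring;

// Hypothetical helper (not Karaf code): resolves the system bundle's
// FrameworkWiring and turns every possible null into a descriptive failure
// instead of a NullPointerException in the middle of a call chain.
public final class FrameworkWiringLookup {

    private FrameworkWiringLookup() {
    }

    public static FrameworkWiring requireFrameworkWiring(BundleContext callerContext) {
        if (callerContext == null) {
            throw new IllegalStateException("No BundleContext available to the command");
        }
        // BundleContext.getBundle(long) returns null when no installed bundle has that id.
        Bundle systemBundle = callerContext.getBundle(0);
        if (systemBundle == null) {
            throw new IllegalStateException("System bundle (id 0) not found");
        }
        // Bundle.getBundleContext() returns null when the bundle has no valid context.
        BundleContext systemContext = systemBundle.getBundleContext();
        if (systemContext == null) {
            throw new IllegalStateException("System bundle has no valid BundleContext");
        }
        // Bundle.adapt(Class) returns null when the bundle cannot be adapted to the type.
        FrameworkWiring wiring = systemContext.getBundle().adapt(FrameworkWiring.class);
        if (wiring == null) {
            throw new IllegalStateException("System bundle cannot be adapted to FrameworkWiring");
        }
        return wiring;
    }
}
```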