Eduardo Aguinaga created CASSANDRA-12538:
--------------------------------------------
Summary: Null Dereference
Key: CASSANDRA-12538
URL: https://issues.apache.org/jira/browse/CASSANDRA-12538
Project: Cassandra
Issue Type: Sub-task
Reporter: Eduardo Aguinaga
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of
the Cassandra source code. The analysis included an automated analysis using HP
Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The
results of that analysis includes the issue below.
Issue:
In the file BatchStatement.java on line 449 the object casRequest may be null
and a null dereference exception could be generated. casRequest is initialized
to null on linw 412 and if the for loop beginning on line 415 is skipped the
null dereference will occur.
{code:java}
BatchStatement.java, lines 412-450:
412 CQL3CasRequest casRequest = null;
413 Set<ColumnDefinition> columnsWithConditions = new LinkedHashSet<>();
414
415 for (int i = 0; i < statements.size(); i++)
416 {
417 ModificationStatement statement = statements.get(i);
418 QueryOptions statementOptions = options.forStatement(i);
419 long timestamp = attrs.getTimestamp(now, statementOptions);
420 List<ByteBuffer> pks =
statement.buildPartitionKeyNames(statementOptions);
421 if (pks.size() > 1)
422 throw new IllegalArgumentException("Batch with conditions cannot
span multiple partitions (you cannot use IN on the partition key)");
423 if (key == null)
424 {
425 key = statement.cfm.decorateKey(pks.get(0));
426 casRequest = new CQL3CasRequest(statement.cfm, key, true,
conditionColumns, updatesRegularRows, updatesStaticRow);
427 }
428 else if (!key.getKey().equals(pks.get(0)))
429 {
430 throw new InvalidRequestException("Batch with conditions cannot
span multiple partitions");
431 }
432
...
448 }
449 casRequest.addRowUpdate(clustering, statement, statementOptions,
timestamp);
450 }
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
