Sherif Mansour created CASSANDRA-6263:
-----------------------------------------

             Summary: Static Code Analysis Results: Null Dereference
                 Key: CASSANDRA-6263
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-6263
             Project: Cassandra
          Issue Type: Bug
          Components: Core
            Reporter: Sherif Mansour
            Priority: Minor


I would like to contribute to the Cassandra community by raising bugs for code
quality issues.

The first bug type I am raising is Null Dereference.
Additionally, I can raise bugs for security issues; however, I cannot find the
responsible disclosure process for the Cassandra team. These issues would need
to be private for obvious reasons.

The issues
01) The method deleteStatement() in CqlParser.java can crash the program by 
dereferencing a null pointer on line 2034.
02) The method columnOperation() in CqlParser.java can crash the program by 
dereferencing a null pointer on line 6338.
03) The method isSatisfiedBy() in ExtendedFilter.java can crash the program by 
dereferencing a null pointer on line 316.
04) The method run() in IndexedRangeSlicer.java can crash the program by 
dereferencing a null pointer on line 101.
05) The method scrub() in Scrubber.java can crash the program by dereferencing 
a null pointer on line 169.
06) The method processColumnFamily() in SelectStatement.java can crash the 
program by dereferencing a null pointer on line 901.
07) The method accept() in SSTableLoader.java can crash the program by 
dereferencing a null pointer on line 81.
08) The method buildSummary() in SSTableReader.java can crash the program by 
dereferencing a null pointer on line 469.
09) The method buildSummary() in SSTableReader.java can crash the program by 
dereferencing a null pointer on line 476.
10) The method fetchRows() in StorageProxy.java can crash the program by 
dereferencing a null pointer on line 1280.
11) The method fetchRows() in StorageProxy.java can crash the program by 
dereferencing a null pointer on line 1297.
12) The method groupSuperColumns() in SuperColumns.java can crash the program 
by dereferencing a null pointer on line 99.

Recommendations:
Implement careful checks before dereferencing objects that might be null. When 
possible, abstract null checks into wrappers around code that manipulates 
resources to ensure that they are applied in all cases and to minimize the 
places where mistakes can occur.

PLEASE NOTE: These issues do require manual verification as some might be false 
positives.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
