[ https://issues.apache.org/jira/browse/CASSANDRA-6263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13807948#comment-13807948 ]

Sherif Mansour commented on CASSANDRA-6263:
-------------------------------------------

I'm using Fortify by the way!

> Static Code Analysis Results: Null Dereference
> ----------------------------------------------
>
>                 Key: CASSANDRA-6263
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-6263
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>            Reporter: Sherif Mansour
>            Priority: Minor
>              Labels: Security
>
> I would like to contribute to the Cassandra community by raising bugs for code 
> quality issues.
> The first bug type I am raising is Null Dereference.
> Additionally, I can raise bugs for security issues; however, I cannot find the 
> responsible disclosure process for the Cassandra team. These issues would 
> need to be private for obvious reasons.
> The issues:
> 01) The method deleteStatement() in CqlParser.java can crash the program by 
> dereferencing a null pointer on line 2034.
> 02) The method columnOperation() in CqlParser.java can crash the program by 
> dereferencing a null pointer on line 6338.
> 03) The method isSatisfiedBy() in ExtendedFilter.java can crash the program 
> by dereferencing a null pointer on line 316.
> 04) The method run() in IndexedRangeSlicer.java can crash the program by 
> dereferencing a null pointer on line 101.
> 05) The method scrub() in Scrubber.java can crash the program by 
> dereferencing a null pointer on line 169.
> 06) The method processColumnFamily() in SelectStatement.java can crash the 
> program by dereferencing a null pointer on line 901.
> 07) The method accept() in SSTableLoader.java can crash the program by 
> dereferencing a null pointer on line 81.
> 08) The method buildSummary() in SSTableReader.java can crash the program by 
> dereferencing a null pointer on line 469.
> 09) The method buildSummary() in SSTableReader.java can crash the program by 
> dereferencing a null pointer on line 476.
> 10) The method fetchRows() in StorageProxy.java can crash the program by 
> dereferencing a null pointer on line 1280.
> 11) The method fetchRows() in StorageProxy.java can crash the program by 
> dereferencing a null pointer on line 1297.
> 12) The method groupSuperColumns() in SuperColumns.java can crash the program 
> by dereferencing a null pointer on line 99.
> Recommendations:
> Implement careful checks before dereferencing objects that might be null. 
> When possible, abstract null checks into wrappers around code that 
> manipulates resources to ensure that they are applied in all cases and to 
> minimize the places where mistakes can occur.
> PLEASE NOTE: These issues do require manual verification as some might be 
> false positives.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
