(tomcat) branch 10.1.x updated: Re-order checks to avoid NPE. Identified by Coverity Scan.

Fri, 17 Oct 2025 19:26:21 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new efacf84fc2 Re-order checks to avoid NPE. Identified by Coverity Scan.
efacf84fc2 is described below

commit efacf84fc29160d8074ef8acfd5431e30a2599d8
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Oct 14 07:43:12 2025 +0100

    Re-order checks to avoid NPE. Identified by Coverity Scan.
---
 java/org/apache/catalina/loader/WebappLoader.java | 6 +++---
 webapps/docs/changelog.xml                        | 9 +++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/catalina/loader/WebappLoader.java 
b/java/org/apache/catalina/loader/WebappLoader.java
index 45152d0840..e6091212d7 100644
--- a/java/org/apache/catalina/loader/WebappLoader.java
+++ b/java/org/apache/catalina/loader/WebappLoader.java
@@ -503,6 +503,9 @@ public class WebappLoader extends LifecycleMBeanBase 
implements Loader {
             URL[] repositories = ((URLClassLoader) loader).getURLs();
             for (URL url : repositories) {
                 String repository = url.toString();
+                if (repository == null) {
+                    continue;
+                }
                 if (repository.startsWith("file:")) {
                     // Let the JRE handle all the edge cases for URL to path 
conversion.
                     try {
@@ -514,9 +517,6 @@ public class WebappLoader extends LifecycleMBeanBase 
implements Loader {
                 } else {
                     continue;
                 }
-                if (repository == null) {
-                    continue;
-                }
                 if (classpath.length() > 0) {
                     classpath.append(File.pathSeparator);
                 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index defde7faf3..ee2bbb5cd8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 10.1.49 (schultz)" rtext="in development">
+  <subsection name="Catalina">
+    <changelog>
+      <fix>
+        When generating the class path in the Loader, re-order the check on
+        individual class path components to avoid a potential
+        <code>NullPointerException</code>. Identified by Coverity Scan. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Other">
     <changelog>
       <update>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to