Andrey Slepykh created ARTEMIS-4663:
---------------------------------------
Summary: Possible dereference of null in MQTTPublishManager
Key: ARTEMIS-4663
URL: https://issues.apache.org/jira/browse/ARTEMIS-4663
Project: ActiveMQ Artemis
Issue Type: Bug
Reporter: Andrey Slepykh
Return value of a function
[readNullableSimpleString|https://github.com/apache/activemq-artemis/blob/fb1b362b473cad51ae5d05a897be02b1fa8461d4/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTPublishManager.java#L377]
is dereferenced at
[MQTTPublishManager.java:378|https://github.com/apache/activemq-artemis/blob/fb1b362b473cad51ae5d05a897be02b1fa8461d4/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTPublishManager.java#L378]
without checking for null, but it is usually checked for this function.
Since the readNullableSimpleString() function can return a null value, it may
be worth adding a null check before using it on line 378.
The
[publishToClient|https://github.com/apache/activemq-artemis/blob/fb1b362b473cad51ae5d05a897be02b1fa8461d4/artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTPublishManager.java#L371]
private function can throw exceptions, but they are not handled anywhere in
the class.
Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.
Author A. Burke.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
