[jira] [Commented] (VFS-189) Possible NPE in DefaultFileSystemManager

Mon, 01 Feb 2016 01:06:07 -0800 

    [ 
https://issues.apache.org/jira/browse/VFS-189?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15125968#comment-15125968
 ] 

Bruno P. Kinoshita commented on VFS-189:
----------------------------------------

Reproduced the NPE locally, and submitted a proposed patch in 
https://github.com/apache/commons-vfs/pull/10.

It now fails when you try to resolve a file name with a null base file name. It 
throws a FileSystemException (documented in the Javadoc).

While writing the unit test, noticed a test method named 
"testResolveFileObjectNullAbsolute". Playing with resolveFile, the behaviour is 
similar. But if you pass a null base and an absolute file, it doesn't throw a 
NPE (the parser doesn't use the base file object).

However, if you call resolveFile with a null base file object, and a relative 
path (e.g. ../), it also throws a FileSystemException.

{code}
org.apache.commons.vfs2.FileSystemException: Could not find file with URI "../" 
because it is a relative path, and no base URI was provided.
        at 
org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:829)
        at 
org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:760)
        at 
org.apache.commons.vfs2.impl.test.DefaultFileSystemManagerTest.testResolveFileObjectNullAbsolute(DefaultFileSystemManagerTest.java:57)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
{code}

Ran the tests locally and they all passed with the following environment.

{noformat}
Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 
2015-11-11T05:41:47+13:00)
Maven home: /home/kinow/Development/java/apache-maven-3.3.9
Java version: 1.8.0_66, vendor: Oracle Corporation
Java home: /home/kinow/Development/java/jdk1.8.0_66/jre
Default locale: en_NZ, platform encoding: UTF-8
OS name: "linux", version: "3.19.0-47-generic", arch: "amd64", family: "unix"
{noformat}

> Possible NPE in DefaultFileSystemManager
> ----------------------------------------
>
>                 Key: VFS-189
>                 URL: https://issues.apache.org/jira/browse/VFS-189
>             Project: Commons VFS
>          Issue Type: Bug
>         Environment: Fortify
>            Reporter: Henri Yandell
>             Fix For: 1.1
>
>
> resolveName(FileName base, String, NameScope) does not protect from a null 
> base variable and will lead to an exception on realBase.getPath() later on in 
> the code.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to