Petr Dvorak created AXIS2-5863:
----------------------------------
Summary: Possible null dereference in ServiceStub class
Key: AXIS2-5863
URL: https://issues.apache.org/jira/browse/AXIS2-5863
Project: Axis2
Issue Type: Bug
Components: codegen
Affects Versions: 1.7.5
Reporter: Petr Dvorak
We use Coverity Scan tool to audit our open-source code against security
vulnerabilities. Possible NullPointerException was detected in Axis2 generated
ServiceStub class code. The issue occurs in following generated code:
{code:java}
} finally {
if (_messageContext.getTransportOut() != null) {
_messageContext.getTransportOut().getSender()
.cleanup(_messageContext);
}
}
{code}
In case "_messageContext" is set to null, the if condition throws NPE. Also, we
can see the path on how this variable value actually may become null, so we
believe the issue is valid and null check should be present...
Here are possible implications of the issue from the security perspective:
http://cwe.mitre.org/data/definitions/476.html
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
