containerAnalyzer opened a new issue #8195: URL: https://github.com/apache/dubbo/issues/8195
Hello,

Our static analyzer found the following potential NPE. We have checked the feasibility of this execution trace. It is necessary to defend this vulnerability to improve the code quality.

1. Return **null** to caller (Trace starting point)
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-common/src/main/java/org/apache/dubbo/common/extension/ExtensionLoader.java#L466
2. Function **getDefaultExtension** executes, stores the return value to **defaultextension** (**defaultextension** can be **null**) and returns **defaultextension** to caller, which can be null
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-common/src/main/java/org/apache/dubbo/common/extension/ExtensionLoader.java#L434
3. Return the return value of function **getExtension** to caller
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-common/src/main/java/org/apache/dubbo/common/extension/ExtensionLoader.java#L426
4. Function **getExtension** executes and stores the return value to **extension** (extension can be null)
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java#L63
5. Function **add** executes and **containers** contains null as its elements.
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java#L63
6. Function **next** executes and returns a **null** value
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java#L89
7. The return value of function **next** is passed as the this pointer to function **start** (the return value of function **next** can be null), which will lead to a null pointer dereference
   https://github.com/apache/dubbo/blob/f26ba91b67f642148a10d3b197502e29928b77bf/dubbo-container/dubbo-container-api/src/main/java/org/apache/dubbo/container/Main.java#L90

Commit: f26ba91b67f642148a10d3b197502e29928b77bf

ContainerAnalyzer
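
The null-propagation pattern in the trace above, as an added example that is not part of the original issue and is not Dubbo's code: a lookup result is stored unchecked in a list and only dereferenced later at `start`. The `REGISTRY` stub, the class and method names other than `getExtension`, `containers` and `start`, and the sample names `spring` and `missing` are assumptions made for illustration.

```java
import java.util.*;

public class NullExtensionDemo {
    interface Container { void start(); }

    // Hypothetical stub, not Dubbo's ExtensionLoader: it models only the
    // behaviour in the trace, a lookup that may hand back null.
    static final Map<String, Container> REGISTRY = new HashMap<>();

    static Container getExtension(String name) {
        return REGISTRY.get(name); // null when nothing is registered
    }

    // Pattern from the trace: the result is added unchecked, so the null
    // surfaces later, at start(), far from the lookup that produced it.
    static void startUnchecked(String[] names) {
        List<Container> containers = new ArrayList<>();
        for (String name : names) {
            containers.add(getExtension(name));
        }
        for (Container container : containers) {
            container.start(); // NullPointerException for a null element
        }
    }

    // Guarded form: reject the null at the lookup and name the input.
    static void startChecked(String[] names) {
        List<Container> containers = new ArrayList<>();
        for (String name : names) {
            Container c = getExtension(name);
            if (c == null) {
                throw new IllegalArgumentException("No container extension resolved for: " + name);
            }
            containers.add(c);
        }
        for (Container container : containers) {
            container.start();
        }
    }

    public static void main(String[] args) {
        REGISTRY.put("spring", () -> System.out.println("spring started"));
        String[] names = {"spring", "missing"}; // constructed sample input
        try { startUnchecked(names); }
        catch (NullPointerException e) { System.out.println("unchecked: NPE after partial start"); }
        try { startChecked(names); }
        catch (IllegalArgumentException e) { System.out.println("checked: " + e.getMessage()); }
    }
}
```

In the unchecked form the first container has already started when the NPE is thrown; the guarded form fails before any container starts and reports which name did not resolve.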
