[ https://issues.apache.org/jira/browse/CASSANDRA-12538?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eduardo Aguinaga updated CASSANDRA-12538: ----------------------------------------- Not an issue...removed by issuer > Null Dereference > ---------------- > > Key: CASSANDRA-12538 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12538 > Project: Cassandra > Issue Type: Sub-task > Reporter: Eduardo Aguinaga > > Overview: > In May through June of 2016 a static analysis was performed on version 3.0.5 > of the Cassandra source code. The analysis included an automated analysis > using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools > Understand v4. The results of that analysis includes the issue below. > Issue: > In the file BatchStatement.java on line 449 the object casRequest may be null > and a null dereference exception could be generated. casRequest is > initialized to null on linw 412 and if the for loop beginning on line 415 is > skipped the null dereference will occur. > {code:java} > BatchStatement.java, lines 412-450: > 412 CQL3CasRequest casRequest = null; > 413 Set<ColumnDefinition> columnsWithConditions = new LinkedHashSet<>(); > 414 > 415 for (int i = 0; i < statements.size(); i++) > 416 { > 417 ModificationStatement statement = statements.get(i); > 418 QueryOptions statementOptions = options.forStatement(i); > 419 long timestamp = attrs.getTimestamp(now, statementOptions); > 420 List<ByteBuffer> pks = > statement.buildPartitionKeyNames(statementOptions); > 421 if (pks.size() > 1) > 422 throw new IllegalArgumentException("Batch with conditions cannot > span multiple partitions (you cannot use IN on the partition key)"); > 423 if (key == null) > 424 { > 425 key = statement.cfm.decorateKey(pks.get(0)); > 426 casRequest = new CQL3CasRequest(statement.cfm, key, true, > conditionColumns, updatesRegularRows, updatesStaticRow); > 427 } > 428 else if (!key.getKey().equals(pks.get(0))) > 429 { > 430 throw new InvalidRequestException("Batch with conditions cannot > span multiple partitions"); > 431 } > 432 > ... > 448 } > 449 casRequest.addRowUpdate(clustering, statement, statementOptions, > timestamp); > 450 } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)