Several potential NullPointerException bugs. #1532

Open
JulyChen728 opened this issue Nov 13, 2019 · 4 comments

Comments

@JulyChen728

Hi all,

Our tool has found several potential NPE bugs.

  1. The method calculateItem returns null when the parameter obj is null.
    However, after checking several call sites of this method, we found that most of them don't handle the null case. For example, Number rval = (Number) calculateItem(this.right); in the method calculate assigns the return value to the variable rval. Then, the variable is used without checking whether it is null. Only two implementations of calculate, in classes AndOpt and OrOpt, check whether the return value of calculateItem is null or not.

  2. visitJumpInsn invokes currentBlock.frame.execute(opcode, 0, null, null); at line 1021. The third argument is used in push(cw, item.strVal1); in the method execute. Then, the null value may be dereferenced in the method push.
    2.1. Similar to the second one, visitVarInsn also invokes currentBlock.frame.execute(opcode, var, null, null); at line 795.
    2.2. Similarly, visitIntInsn invokes currentBlock.frame.execute(opcode, operand, null, null); at line 770.
    2.3. The remaining potential NPE bugs with this pattern include: 1011, 368

  3. The method readUTF8 may return null at line 2452. Then the return value is used by https://github.com/nutzam/nutz/tree/v1.r.68.v20191031/src/org/nutz/repo/org/objectweb/asm/ClassReader.java at line 2557. Then it calls the method getObjectType and uses the parameter in char[] buf = internalName.toCharArray(); at line 228.

  4. The second argument of mv.visitTypeInsn(CHECKCAST, type.getClassName().replace('.', '/')); at line 109 may return null due to line 576.

Thanks
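
The pattern reported in item 1, as an added example that is not part of the original issue and is not code from nutz: a constructed class in which the cast of a null return value succeeds silently and the failure only surfaces at the later dereference, next to a call site that checks the value first. Only the names calculateItem, calculate, right and rval come from the issue; the class name, the method bodies and the helper requireNumber are hypothetical.

```java
// Constructed illustration of the call-site pattern in item 1; not nutz code.
public class NullOperandDemo {

    // Hypothetical stand-in: returns null for a null operand, which is the
    // behaviour the issue reports for calculateItem.
    static Object calculateItem(Object obj) {
        if (obj == null) {
            return null;
        }
        return (obj instanceof Number) ? obj : Double.valueOf(obj.toString());
    }

    // Unguarded call site: "(Number) null" is a legal cast, so nothing fails
    // here; the NullPointerException is thrown one line later, at the use.
    static double calculateUnguarded(Object left, Object right) {
        Number lval = (Number) calculateItem(left);
        Number rval = (Number) calculateItem(right);
        return lval.doubleValue() + rval.doubleValue();
    }

    // Hypothetical helper: turn a null operand into a defined error that
    // names the operand instead of an NPE deep inside the evaluation.
    static Number requireNumber(Object value, String side) {
        if (value == null) {
            throw new IllegalArgumentException(side + " operand evaluated to null");
        }
        return (Number) value;
    }

    // Guarded call site: the return value is checked before it is used.
    static double calculateGuarded(Object left, Object right) {
        Number lval = requireNumber(calculateItem(left), "left");
        Number rval = requireNumber(calculateItem(right), "right");
        return lval.doubleValue() + rval.doubleValue();
    }

    public static void main(String[] args) {
        System.out.println("guarded sum: " + calculateGuarded(1, "2.5"));
        try {
            calculateUnguarded(1, null);
        } catch (NullPointerException e) {
            System.out.println("unguarded: NullPointerException when rval is used");
        }
        try {
            calculateGuarded(1, null);
        } catch (IllegalArgumentException e) {
            System.out.println("guarded: " + e.getMessage());
        }
    }
}
```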

@ITWOI

ITWOI commented Nov 21, 2019

Hi, we reported the bugs a while ago. Would you please take a look and confirm whether they are real bugs? We have been conducting an experiment to measure the accuracy of our static checker. We would deeply appreciate it if you could provide some feedback!

@wendal
Member

wendal commented Nov 21, 2019

Yes, it will NPE. But all code under package "org.nutz.repo.org.objectweb.asm" is copied from ASM 6.1.1. We don't make any changes to it.

Maybe we will upgrade to ASM 7.x someday.

@wendal wendal closed this as completed Nov 21, 2019
@wendal
Member

wendal commented Nov 21, 2019

And, the first NPE, maybe, let me check it ...

@wendal wendal reopened this Nov 21, 2019
@ITWOI

ITWOI commented Nov 23, 2019

Hi, may I please get a confirmation of the first bug we reported?
