Add a null check #1435

Open
wants to merge 1 commit into
base: main

@munahaf munahaf commented Sep 25, 2023

In file: LogEntry.java, class: LogEntry, there is a method fromPb in which there is a potential Null pointer dereference. This may throw an unexpected null pointer exception which, if unhandled, may crash the program.

In line 768, the variable name is assigned by a method call LogName.parse. This method may return a null value. Then in 769, there is the potential null dereference case. This is where the fix is suggested. An argument may be that the method call LogName.parse is designed to not return null at all. However, in line 770, we pass name to a method where the method may return null if name is null. Right after this, in line 771 we do a null check on the return value. This suggests that we may have catered for name being null inside the method fromLogName in 770; we should similarly do a null check in line 769 too.
Note that there may be a case that the LogName.parse is guaranteed to return null. That is something I am leaving for the developer to decide.

I introduced a null check to protect from an exception. A developer should verify this.

Sponsorship and Support:

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.

The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.
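
The four-line pattern the description walks through (lines 768 to 771), sketched as an added example that is neither this PR's diff nor the java-logging source. `Name`, `destinationFrom`, the sample strings, and the field that line 769 dereferences are all constructed stand-ins and assumptions.

```java
// Added illustration: constructed stand-ins, NOT the java-logging classes.
public class NullCheckSketch {
    // Hypothetical parser that returns null when it has nothing to parse.
    static final class Name {
        final String project, logId;
        Name(String project, String logId) { this.project = project; this.logId = logId; }
        static Name parse(String s) {
            if (s == null || s.isEmpty()) return null;
            String[] p = s.split("/");
            return p.length == 4 ? new Name(p[1], p[3]) : null;
        }
    }

    // Hypothetical counterpart of the line-770 helper: null in, null out.
    static String destinationFrom(Name name) {
        return name == null ? null : "projects/" + name.project;
    }

    // "Before": null is tolerated at steps 770/771 but not at step 769.
    static String[] unguarded(String raw) {
        Name name = Name.parse(raw);              // 768: may be null
        String logId = name.logId;                // 769: throws NullPointerException on null
        String dest = destinationFrom(name);      // 770: already copes with null
        if (dest == null) dest = "(none)";        // 771: return value is checked
        return new String[] {logId, dest};
    }

    // "After": step 769 gets the same treatment as 770/771.
    static String[] guarded(String raw) {
        Name name = Name.parse(raw);
        String logId = (name != null) ? name.logId : null;
        String dest = destinationFrom(name);
        if (dest == null) dest = "(none)";
        return new String[] {logId, dest};
    }

    public static void main(String[] args) {
        String ok = "projects/demo/logs/syslog";  // constructed sample input
        String empty = "";                        // constructed input that parses to null
        System.out.println(String.join(", ", guarded(ok)));
        System.out.println(guarded(empty)[0] + ", " + guarded(empty)[1]);
        try {
            unguarded(empty);
        } catch (NullPointerException e) {
            System.out.println("unguarded path threw NullPointerException");
        }
    }
}
```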

@munahaf munahaf requested review from a team as code owners September 25, 2023 02:34
@product-auto-label product-auto-label bot added size: xs Pull request size is extra small. api: logging Issues related to the googleapis/java-logging API. labels Sep 25, 2023
@cindy-peng cindy-peng added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jan 2, 2024
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jan 2, 2024
Labels
api: logging Issues related to the googleapis/java-logging API. size: xs Pull request size is extra small.
4 participants