In file: `LogEntry.java`, class: `LogEntry`, there is a method `fromPb` in which there is a potential Null pointer dereference. This may throw an unexpected null pointer exception which, if unhandled, may crash the program.

In line 768, the variable `name` is assigned by a method call `LogName.parse`. This method may return a null value. Then in 769, there is the potential null dereference case. This is where the fix is suggested. An argument may be that the method call `LogName.parse` is designed to not return null at all. However, in line 770, we pass `name` to a method where the method may return null if `name` is null. Right after this, in line 771 we do a null check on the return value. This suggests that we may have catered for `name` being null inside the method `fromLogName` in 770; we should similarly do null check in line 769 too.

Note that there may be a case that the `LogName.parse` is guaranteed to return null. That is something I am leaving for the developer to decide.

I introduced a null check to protect from an exception. A developer should verify this.

Sponsorship and Support:
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.