...
This noncompliant example shows a bug in Tomcat version 4.1.24 initially discovered by Reasoning \[[Reasoning 2003|AA. Java References#Reasoning 03]\]. The {{cardinality}} method was designed to return the number of occurrences of object {{obj}} in collection {{col}}. One valid use of {{cardinality}} is to determine how many elements of the collection are {{null}}. However, because membership in the collection is checked with the expression {{obj.equals(elt)}}, a null pointer dereference is guaranteed whenever {{obj}} is {{null}} and {{elt}} is not: the {{null == obj && null == elt}} test guards only the first operand of the conditional OR, and when that operand is false the second operand, {{obj.equals(elt)}}, is still evaluated. The bug results from a misunderstanding of the short-circuit behavior of the conditional AND and OR operators (see guideline [EXP07-J. Be aware of the short-circuit behavior of the conditional AND and OR operators]).
{code:java}
public static int cardinality(Object obj, final Collection col) {
  int count = 0;
  Iterator it = col.iterator();
  while (it.hasNext()) {
    Object elt = it.next();
    if ((null == obj && null == elt) || obj.equals(elt)) { // null pointer dereference when obj == null and elt != null
      count++;
    }
  }
  return count;
}
{code}
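The following is an added example, not the Tomcat code and not a solution from the original guideline: it places the noncompliant {{cardinality}} logic beside a version whose second operand is guarded, and drives both with a constructed list containing {{null}} entries. The class name {{CardinalityDemo}}, the two method names, and the choice to treat a {{null}} collection as empty are assumptions of this example; {{java.util.Objects.equals}} (Java 7 and later) is the standard library's encoding of the guarded comparison.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;

public class CardinalityDemo {

    // Noncompliant: same logic as the Tomcat snippet. When obj is null and
    // elt is non-null, the first operand of || is false, so the second
    // operand obj.equals(elt) is evaluated and dereferences null.
    static int cardinalityNoncompliant(Object obj, Collection<?> col) {
        int count = 0;
        for (Object elt : col) {
            if ((null == obj && null == elt) || obj.equals(elt)) {
                count++;
            }
        }
        return count;
    }

    // Compliant: obj is dereferenced only once it is known to be non-null.
    // Objects.equals(a, b) is defined as (a == b) || (a != null && a.equals(b)),
    // which is exactly the guard the noncompliant version is missing.
    static int cardinalityCompliant(Object obj, Collection<?> col) {
        if (col == null) {
            return 0; // assumption of this example: a null collection counts as empty
        }
        int count = 0;
        for (Object elt : col) {
            if (Objects.equals(obj, elt)) {
                count++;
            }
        }
        return count;
    }

    public static void main(String[] args) {
        // Constructed sample input: two nulls among three non-null entries.
        List<String> col = new ArrayList<>();
        col.add("a");
        col.add(null);
        col.add("b");
        col.add(null);
        col.add("a");

        // A non-null obj is safe in both versions: obj.equals never sees a null receiver.
        System.out.println("compliant    count(\"a\") = " + cardinalityCompliant("a", col));
        System.out.println("noncompliant count(\"a\") = " + cardinalityNoncompliant("a", col));

        // Counting null entries is the use case the guideline describes.
        System.out.println("compliant    count(null) = " + cardinalityCompliant(null, col));

        // The noncompliant version throws on the first non-null element it meets.
        try {
            cardinalityNoncompliant(null, col);
            System.out.println("noncompliant count(null): no exception (unexpected)");
        } catch (NullPointerException e) {
            System.out.println("noncompliant count(null): NullPointerException");
        }
    }
}
```

Run with {{javac CardinalityDemo.java && java CardinalityDemo}}. The compliant method reports two occurrences of {{"a"}} and two of {{null}}; the noncompliant method agrees for {{"a"}} but throws {{NullPointerException}} for {{null}} as soon as it reaches the first element, because the null guard never reaches the second operand of the OR.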
...
Dereferencing a null pointer can lead to a denial of service. In multithreaded programs, null pointer dereferences can violate cache coherency policies and cause resource leaks.
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP12-J | low | likely | high | P3 | L3 |
...