...
```java
public static int cardinality(Object obj, final Collection col) {
  int count = 0;
  if (col == null) {
    return count;
  }
  Iterator it = col.iterator();
  while (it.hasNext()) {
    Object elt = it.next();
    if ((null == obj && null == elt) || obj.equals(elt)) { // null pointer dereference
      count++;
    }
  }
  return count;
}
```
...
```java
public static int cardinality(Object obj, final Collection col) {
  int count = 0;
  if (col == null) {
    return count;
  }
  Iterator it = col.iterator();
  while (it.hasNext()) {
    Object elt = it.next();
    if ((null == obj && null == elt) ||
        (null != obj && obj.equals(elt))) {
      count++;
    }
  }
  return count;
}
```
Explicit null checks as shown here are an acceptable approach to eliminating null pointer dereferences.
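The difference between the two versions above, as an added example that is not part of the original guideline: it runs both on a constructed list that contains null elements. The class name `CardinalityDemo`, the method names `cardinalityUnsafe` and `cardinalitySafe`, and the use of `java.util.Objects.equals` (Java 7 and later) in place of the explicit null checks are assumptions of this example.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Objects;

public class CardinalityDemo {
    // Noncompliant form from the page: when obj is null and elt is not,
    // the left operand is false and obj.equals(elt) dereferences null.
    static int cardinalityUnsafe(Object obj, Collection<?> col) {
        int count = 0;
        if (col == null) {
            return count;
        }
        for (Object elt : col) {
            if ((null == obj && null == elt) || obj.equals(elt)) {
                count++;
            }
        }
        return count;
    }

    // Null-safe form: Objects.equals(a, b) is true when both are null,
    // false when exactly one is null, and a.equals(b) otherwise.
    static int cardinalitySafe(Object obj, Collection<?> col) {
        int count = 0;
        if (col == null) {
            return count;
        }
        for (Object elt : col) {
            if (Objects.equals(obj, elt)) {
                count++;
            }
        }
        return count;
    }

    public static void main(String[] args) {
        // Constructed sample input: two nulls mixed with non-null strings.
        List<String> sample = Arrays.asList("a", null, "b", null, "a");
        System.out.println(cardinalitySafe("a", sample));  // occurrences of "a"
        System.out.println(cardinalitySafe(null, sample)); // occurrences of null
        System.out.println(cardinalitySafe("a", null));    // null collection
        try {
            cardinalityUnsafe(null, sample); // first element is non-null
        } catch (NullPointerException e) { // caught only to show the failure
            System.out.println("unsafe version threw NullPointerException");
        }
    }
}
```

The unsafe version fails only when a null `obj` meets a non-null element, so a test collection made entirely of nulls would not expose the defect.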
Exceptions
EXP01-EX0: A method may dereference an object without testing it for null if the following conditions hold:
- The object must be a method argument that has not been previously accessed.
- There does not exist a better alternate behavior for handling null objects. That is, the method may choose not to do the null check for performance reasons, or it may not have a better alternative for handling the null object.
- The method must provide API documentation stating that it does not gracefully handle null objects.
Risk Assessment
Dereferencing a null pointer can lead to a denial of service. In multithreaded programs, null pointer dereferences can violate cache coherency policies and can cause resource leaks.
...
- ISO/IEC TR 24772:2010 (http://www.aitcnet.org/isai/), Null Pointer Dereference [XYH]
- CWE-476. NULL pointer dereference
...
- [API 2006] Method (http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction))
- [Hovemeyer 2007]
- [Reasoning 2003] Defect ID 00-0001, Null Pointer Dereference
- [SDN 2008] Bug ID 6514454 (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6514454)
...