...
| Code Block | ||
|---|---|---|
| ||
public static int cardinality(Object obj, final Collection col) {
int count = 0;
if (col == null) {
return count;
}
Iterator it = col.iterator();
while (it.hasNext()) {
Object elt = it.next();
if ((null == obj && null == elt) || obj.equals(elt)) { // null pointer dereference
count++;
}
}
return count;
}
|
...
| Code Block | ||
|---|---|---|
| ||
public static int cardinality(Object obj, final Collection col) {
int count = 0;
if (col == null) {
return count;
}
Iterator it = col.iterator();
while (it.hasNext()) {
Object elt = it.next();
if ((null == obj && null == elt) ||
(null != obj && obj.equals(elt))) {
count++;
}
}
return count;
}
|
Explicit null checks as shown here an acceptable approach to eliminating null pointer dereferences.
Exceptions
EXP01-EX0: A method may dereference an object without testing it for null if the following conditions hold:
- The object must be a method argument, and not previously accessed
- There does not exist a better alternate behavior for handling null objects. That is, the method may choose not to do the null check for performance reasons, or it may not have a better alternative for handling the null object.
- The method must provide API documentation to this effect; that it does not gracefully handle null objects.
Risk Assessment
Dereferencing a null pointer can lead to a denial of service. In multithreaded programs, null pointer dereferences can violate cache coherency policies and can cause resource leaks.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="399e07917cc42679-63ce49a2-4f6b4983-8feba7ea-d215009d630c127f090c11a7"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | Null Pointer Dereference [XYH] | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-476. NULL pointer dereference |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="403b1e19e61dd3c4-4d5b1ec8-49364186-b9b3ade9-8b87590e33deef6fcd309e3e"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. References#API 06]] | [Method | http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7655f7e2ef7b830a-81db244f-4b5f4fb1-b27a98fe-b0cb107c24b20ca5b90bdc49"><ac:plain-text-body><![CDATA[ | [[Hovemeyer 2007 | AA. References#Hovemeyer 07]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b510df939edddb6d-c441c8d5-472c4641-a1878cdc-d104039cd87e7034501db57e"><ac:plain-text-body><![CDATA[ | [[Reasoning 2003 | AA. References#Reasoning 03]] | Defect ID 00-0001 | ]]></ac:plain-text-body></ac:structured-macro> | |
| Null Pointer Dereference | ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ff88ed0cbd19eaeb-85d744f1-49c94778-8346898e-1eafec4ef9e6ce1c5b2dfb2f"><ac:plain-text-body><![CDATA[ | [[SDN 2008 | AA. References#SDN 08]] | [Bug ID 6514454 | http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6514454] | ]]></ac:plain-text-body></ac:structured-macro> |
...