Some potential NPE bugs

[JulyChen728]

Hi all, our bug scanner has reported some NPE bugs.

1.The first one is at FileInJarReadableDataSource.java#L99 since the variable inputStream may be null.

2.The second one is at SimpleHttpClient.java#L168 cause the variable charset may be null. Since the variable charset is checked for null at SimpleHttpClient.java#L100, a NPE bug may take place when the call chain is SimpleHttpClient.java#L111 => SimpleHttpClient.java#L168.

3.The third one is at EagleEye.java#L101 since the variable tmpPath may be null. A possible call chain is getSystemProperty() => EagleEye.java#L99 => EagleEye.java#L101.The same bug may take place at EagleEye.java#L113. Some familiar situationa are at EagleEye.java#L64 since the variable charsetName may be null, EagleEye.java#L89 since the variable userHome may be null.

4.The forth is at StatisticSlot.java#L147. A possible call chain is getCurNode() =>StatisticSlot.java#L136 =>StatisticSlot.java#L147. Since the method getCurNode() may return null, the variable node at StatisticSlot.java#L147 may be null and thus a NPE bug may take place.

5.The fifth is at SimpleHttpResponse.java#L50. A possible call chain is getHeader() =>SimpleHttpResponse.java#L49 =>SimpleHttpResponse.java#L50.Since the method getHeader() may return null, the variable contentType at SimpleHttpResponse.java#L50 may be null and thus a NPE bug may take place.

Thanks.

[HermioneSW]

@sczyh30 Thanks for your feedback. We are trying to get some results of our dogfooding. Could you please confirm which ones are indeed bugs? Thanks a million!

[JiangZian]

1.The first one is at FileInJarReadableDataSource.java#L99 since the variable inputStream may be null.

• 1.jarEntry对象为空时 java.util.zip.ZipFile#getInputStream#L346 会显示抛出NPE
  • 此异常已在上层捕获，赋值流对象无真实IO，危险系数较低
• 2.内存分配失败时，native 方法返回值为0时返回null值 FileInJarReadableDataSource.java#L100会抛出NPE
  • 此异常已在上层捕获，赋值流对象无真实IO，危险系数较低

2.The second one is at SimpleHttpClient.java#L168 cause the variable charset may be null. Since the variable charset is checked for null at SimpleHttpClient.java#L100, a NPE bug may take place when the call chain is SimpleHttpClient.java#L111 => SimpleHttpClient.java#L168.

• 此问题真实存在，需要增加请求charset非空判断，避免charset.name()空指针异常

[JiangZian]

下图对应的是1.2内存分配失败代码逻辑

下图对应的是1.1实例为空

[JiangZian]

3.The third one is at EagleEye.java#L101 since the variable tmpPath may be null. A possible call chain is getSystemProperty() => EagleEye.java#L99 => EagleEye.java#L101.The same bug may take place at EagleEye.java#L113. Some familiar situationa are at EagleEye.java#L64 since the variable charsetName may be null, EagleEye.java#L89 since the variable userHome may be null.

• 这个问题不存在，已有非空判断

String charsetName = EagleEyeCoreUtils.getSystemProperty("EAGLEEYE.CHARSET"); if (EagleEyeCoreUtils.isNotBlank(charsetName)) { charsetName = charsetName.trim();

public static boolean isNotBlank(String str) { return !isBlank(str); }

public static boolean isBlank(String str) { int strLen; if (str == null || (strLen = str.length()) == 0) { return true; }

[JiangZian]

4.The forth is at StatisticSlot.java#L147. A possible call chain is getCurNode() =>StatisticSlot.java#L136 =>StatisticSlot.java#L147. Since the method getCurNode() may return null, the variable node at StatisticSlot.java#L147 may be null and thus a NPE bug may take place.

• context，上层已经判断了
• sentinel 的context node，是根据上下文名称在enter时生成（上下文初始化时ContextUtil.trueEnter），忽略空值问题

5.The fifth is at SimpleHttpResponse.java#L50. A possible call chain is getHeader() =>SimpleHttpResponse.java#L49 =>SimpleHttpResponse.java#L50.Since the method getHeader() may return null, the variable contentType at SimpleHttpResponse.java#L50 may be null and thus a NPE bug may take place.

• 我发现确实有空指针问题，并提交了代码

[JiangZian]

@sczyh30 这个后续的改动您看看，是否有必要合并