[
https://issues.jboss.org/browse/ELY-752?page=com.atlassian.jira.plugin.sy...
]
David Lloyd resolved ELY-752.
-----------------------------
Resolution: Rejected
What Coverity cannot see is that SerializedPermissionCollection is only ever generated for
classes which have a newPermissionCollection method which has a non-null return value.
Thus I think this is actually "safe" and there is no case which can produce an
NPE (other than a corrupted stream, which can produce all manner of other problems as
well).
Coverity static analysis: Dereference null return value in
SerializedPermissionCollection (Elytron)
---------------------------------------------------------------------------------------------------
Key: ELY-752
URL:
https://issues.jboss.org/browse/ELY-752
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Labels: static_analysis
Coverity static-analysis scan found possible use of null object comming from
{{SerializedPermissionCollection.readResolve()}} method.
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57600...
The {{newPermissionCollection()}} call may return null in the code:
{code}
final PermissionCollection collection = s.newPermissionCollection();
{code}
It's than used without a null-check in the method:
{code}
for (Permission permission : p) {
collection.add(permission);
}
if (r) collection.setReadOnly();
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)