Uploaded image for project: 'logback'
  1. logback
  2. LOGBACK-787

ch.qos.logback.classic.db.DBAppender - potential null pointer access

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • None
    • None

    Description

      Static code analysis reveals that

      ch.qos.logback.classic.db.DBAppender.bindLoggingEventWithInsertStatement:

      -------------
      void bindLoggingEventArgumentsWithPreparedStatement(PreparedStatement stmt,
      Object[] argArray) throws SQLException {

      int arrayLen = argArray != null ? argArray.length : 0;

      for(int i = 0; i < arrayLen && i < 4; i++)

      { stmt.setString(ARG0_INDEX+i, asStringTruncatedTo254(argArray[i])); }
      if(arrayLen < 4) {
      for(int i = arrayLen; i < 4; i++) { stmt.setString(ARG0_INDEX+i, null); }
      }
      }
      -------------

      has a potential null pointer access in:

      for(int i = 0; i < arrayLen && i < 4; i++) { stmt.setString(ARG0_INDEX+i, asStringTruncatedTo254(argArray[i])); }

      Indeed, argArray may be null at that location, but that's not a problem because in that case arrayLen has been set to 0.

      But then, do the ARG0_INDEX+i have appropriate values in

      ----------
      if(arrayLen < 4) {
      for(int i = arrayLen; i < 4; i++)

      { stmt.setString(ARG0_INDEX+i, null); }

      }
      ----------

      Attachments

        Activity

          People

            logback-dev Logback dev list
            dtonhofer David Tonhofer
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: