Closed Bug 1258703 Opened 8 years ago Closed 8 years ago

[Static Analysis][Dereference null return value] In function Reporter::receivedGpsMessage

Categories

(Firefox for Android Graveyard :: General, defect)

Tracking

(firefox48 fixed)

RESOLVED FIXED
Firefox 48

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 123978 )

Attachments

(1 file)

The Static Analysis tool Coverity added that variable |subject| is used without being null checked, thus leading to a potential null pointer dereference:

>>        String subject = intent.getStringExtra(Intent.EXTRA_SUBJECT);
>>        if (subject.equals(GPSScanner.SUBJECT_NEW_LOCATION)) {
>>            reportCollectedLocation();
>>            Location newPosition = intent.getParcelableExtra(GPSScanner.NEW_LOCATION_ARG_LOCATION);
>>            mBundle = (newPosition != null) ? new StumblerBundle(newPosition, mPhoneType) : mBundle;
>>        }

getStringExtra can return null:

>>    public String getStringExtra(String name) {
>>        return mExtras == null ? null : mExtras.getString(name);
>>    }
Attachment #8733375 - Flags: review?(s.kaspari)
Comment on attachment 8733375 [details]
MozReview Request: Bug 1258703 - avoid null pointer dereference on |subject|. r?sebastian

https://reviewboard.mozilla.org/r/41747/#review38175

The change looks good to me. There's also an upstream version of Stumbler on GitHub:
https://github.com/mozilla/MozStumbler

I wonder if we fix those bugs on github and merge them back to mozilla-central or if we fix both projects independently. I'll flag and ask Victor. :)

::: mobile/android/stumbler/java/org/mozilla/mozstumbler/service/stumblerthread/Reporter.java:109
(Diff revision 1)
>          putCellResults(results);
>      }
>  
>      private void receivedGpsMessage(Intent intent) {
>          String subject = intent.getStringExtra(Intent.EXTRA_SUBJECT);
> -        if (subject.equals(GPSScanner.SUBJECT_NEW_LOCATION)) {
> +        if (subject != null && subject.equals(GPSScanner.SUBJECT_NEW_LOCATION)) {
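
Review bot: on the changed |if| line, a null |subject| now just makes the condition false, so an intent that arrives without EXTRA_SUBJECT is ignored with no trace in this branch. If a GPS message without a subject is not an expected input, consider logging that case so a malformed message is visible when debugging instead of silently dropped.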

We often avoid those NullPointerException(s) by reversing the equals call (and assuming the constant is never null):

if (GPSScanner.SUBJECT_NEW_LOCATION.equals(subject)) {
..
}
@Victor: This is a change in the Stumbler code base and I saw that you are maintaining it on GitHub. Is this completely independent from mozilla-central or should we fix this only in one place and regularly merge between the two projects?
Flags: needinfo?(vng)
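
The null return discussed in this bug, reproduced off-device as an added example (not code from the patch or from Stumbler). `Intent` below is a minimal stand-in for android.content.Intent that keeps only the getStringExtra logic quoted in the report, and the SUBJECT_NEW_LOCATION value is constructed. It runs the original condition, the null check from diff revision 1, and the constant-first form suggested in review against an intent with no extras, one with an unrelated extra, and one carrying the subject.

```java
import java.util.HashMap;
import java.util.Map;

public class NullSubjectDemo {
    // Stand-in for android.content.Intent (assumption): only the lookup quoted in the bug.
    static class Intent {
        static final String EXTRA_SUBJECT = "android.intent.extra.SUBJECT";
        private Map<String, String> mExtras; // stays null until an extra is added
        Intent putExtra(String name, String value) {
            if (mExtras == null) mExtras = new HashMap<>();
            mExtras.put(name, value);
            return this;
        }
        String getStringExtra(String name) {
            return mExtras == null ? null : mExtras.get(name);
        }
    }

    static final String SUBJECT_NEW_LOCATION = "new_location"; // constructed value

    // Condition as flagged by Coverity: dereferences the possibly-null return value.
    static boolean original(Intent intent) {
        String subject = intent.getStringExtra(Intent.EXTRA_SUBJECT);
        return subject.equals(SUBJECT_NEW_LOCATION);
    }

    // Condition from diff revision 1: explicit null check before the call.
    static boolean explicitCheck(Intent intent) {
        String subject = intent.getStringExtra(Intent.EXTRA_SUBJECT);
        return subject != null && subject.equals(SUBJECT_NEW_LOCATION);
    }

    // Condition suggested in review: call equals on the non-null constant.
    static boolean constantFirst(Intent intent) {
        return SUBJECT_NEW_LOCATION.equals(intent.getStringExtra(Intent.EXTRA_SUBJECT));
    }

    public static void main(String[] args) {
        Intent[] samples = {                       // constructed inputs
            new Intent(),                          // no extras at all
            new Intent().putExtra("other", "x"),   // extras present, subject missing
            new Intent().putExtra(Intent.EXTRA_SUBJECT, SUBJECT_NEW_LOCATION),
        };
        for (Intent intent : samples) {
            String orig;
            try { orig = String.valueOf(original(intent)); }
            catch (NullPointerException e) { orig = "NullPointerException"; }
            System.out.println(orig + " | " + explicitCheck(intent) + " | " + constantFirst(intent));
        }
    }
}
```

The first two intents make the original condition throw, while both guarded forms return false for them and all three agree on the intent that carries the subject.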
The codebase has diverged pretty significantly since we landed the patches into mozilla central, so I've applied a backport of your patch to the main stumbler source tree.  

https://github.com/mozilla/MozStumbler/pull/1752

Thanks Sebastian!  Which static analysis tool are you using?  I'd like to see if I can have it integrated into the Travis builds so that I can also get yelled at by the robots.  :)
Flags: needinfo?(vng)
Comment on attachment 8733375 [details]
MozReview Request: Bug 1258703 - avoid null pointer dereference on |subject|. r?sebastian

https://reviewboard.mozilla.org/r/41747/#review38181
Attachment #8733375 - Flags: review+
(In reply to Victor Ng [:vng] [:crankycoder] from comment #4)
> Thanks Sebastian!  Which static analysis tool are you using?  I'd like to
> see if I can have it integrated into the Travis builds so that I can also
> get yelled at by the robots.  :)

This report here is from Coverity (we are also using Android lint). I actually don't know how they are actually produced but Andi-Bogdan probably knows!
I am managing a Jenkins instance here: http://relman-ci.mozilla.org/
For now, I am using scan-build, coverity & infer but happy to plug other tools.

I work closely with Andi on this.
Comment on attachment 8733375 [details]
MozReview Request: Bug 1258703 - avoid null pointer dereference on |subject|. r?sebastian

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/41747/diff/1-2/
Attachment #8733375 - Attachment description: MozReview Request: Bug 1258703 - null check |subject| before dereferencing. r?sebastian → MozReview Request: Bug 1258703 - avoid null pointer dereference on |subject|. r?sebastian
https://hg.mozilla.org/mozilla-central/rev/bc476c66d225
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 48
Product: Firefox for Android → Firefox for Android Graveyard