Skip to content
This repository was archived by the owner on Oct 23, 2024. It is now read-only.
This repository was archived by the owner on Oct 23, 2024. It is now read-only.

parser/deserializer/ThrowableDeserializer.java 里 deserialze() 可疑的空指针解引用  #1613

Closed
Closed
parser/deserializer/ThrowableDeserializer.java 里 deserialze() 可疑的空指针解引用 #1613
Labels
bug
Milestone
1.2.42
@viennadd

Description

@viennadd
viennadd
opened on Nov 27, 2017

Hi,

我们的代码检查器 Pinpoint 报告了一处可疑的空指针解引用,

fastjson/src/main/java/com/alibaba/fastjson/parser/deserializer/ThrowableDeserializer.java

Lines 131 to 150 in fcd2ae7

if (otherValues != null) {
JavaBeanDeserializer exBeanDeser = null;
if (exClass != null) {
if (exClass == clazz) {
exBeanDeser = this;
} else {
ObjectDeserializer exDeser = parser.getConfig().getDeserializer(exClass);
if (exDeser instanceof JavaBeanDeserializer) {
exBeanDeser = (JavaBeanDeserializer) exDeser;
}
}
}
for (Map.Entry<String, Object> entry : otherValues.entrySet()) {
String key = entry.getKey();
Object value = entry.getValue();
FieldDeserializer fieldDeserializer = exBeanDeser.getFieldDeserializer(key);
if (fieldDeserializer != null) {

149 行的 exBeanDeser 变量是否有可能跳过全部初始化赋值(139 返回 false 的话) 导致维持 null 值,然后触发空指针解用?

这处是真的有潜在问题?,还是 139 行的检查是非必要?

祝好,
Sourcebrella Inc.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions