Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-20932

Unguarded access to a Pair value retrieved using nodeDao.getNodePair method which can return null


    • Type: Service Pack Request
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 5.2, 6.1
    • Fix Version/s: 6.0.N, 6.1.N, 5.2.7, 7.0.N, 6.2.1
    • Component/s: Foundation Java APIs
    • Environment:
      ACS 5.2.4 with Oracle, PostgreSQL and with H2 1.4.199 database
      ACS 5.2.5 Installer Version on Windows with PostgreSQL
      ACS 6.1.0 Embedded Development Environment with Docker and H2 database
    • Bug Priority:
      Category 3
    • ACT Numbers:

      00993868, 00998823

    • Sprint:
      Repo 74
    • Story Points:
    • Epic Link:
    • Delivery Team:
      Feature Teams


       There is a possible NPE (Null Pointer Exception) when we run DB query of nodeDao.getNodePair method using "dbid". 

      For example, We run a query to return a resultset of nodeRefs first. Then use them to run another query to fetch some properties associated with those nodes as the following code snippet shows. 

      *Note: This code snippet is from DBresultset.java. 


      Line 204: NodeRef nodeRef = nodeDao.getNodePair(dbids.get(n)).getSecond();


      NPE can happen when one of the nodes are deleted between being returned in the resultset and then being queried to get its properties.


      Steps to reproduce


      Prerequisite: Use database, which handles the transaction isolation level as READ COMMITTED. Please see at the "Environment:" for further assistance. 


      1. Run the attached script name "NPEReproducingScript.js."

      *Note: There is one more script named KillSwitchScript.js attached, but you don't need to use it unless you want to stop NPEReproducingScript.js while it is running. 


      Observed Behaviour

      Null Pointer Exception happens. Because those nodeRefs were retrieving by ID that was previously retrieved from the database in the same transaction. 


      Expected Behaviour

      The code should properly handle the scenario instead of throwing an NPE. 

      The "nodeRef" object being null is actually exist at line 205 of DBresultset.java, but it does not respect this scenario. NULL should be handled well, and the NPE should not occur.

      Line 205: nodeRefs[n] = nodeRef == null ? null : tenantService.getBaseName(nodeRef);
      Line 206: return;


      Additional Information

      The default DBMS transaction isolation level is usually READ COMMITED. This means that if there is another transaction that has removed given node from the database and committed that change between when this transaction read the id and queries for it again, the second query (nodeDao.getNodePair in the code above) may return no entry (or entry marked as deleted) which results in null and due to lack of guard, NullPointerException.







              • Assignee:
                closedbugs Closed Bugs (Inactive)
                pbateman Paul Bateman
              • Votes:
                0 Vote for this issue
                6 Start watching this issue


                • Created:

                  Structure Helper Panel