Our SAST shows possible NullPointerException in https://github.com/jruby/jruby/blob/master/core/src/main/java/org/jruby/ir/dataflow/analyses/UnboxableOpsAnalysisNode.java#L362
private TemporaryLocalVariable getUnboxedVar(Class reqdType, Map<Variable, TemporaryLocalVariable> unboxMap, Variable v, boolean createNew) {
TemporaryLocalVariable unboxedVar = unboxMap.get(v);
// FIXME: This is a bit broken -- SSA will eliminate this need for type verification
if ((unboxedVar == null && createNew) || !matchingTypes(reqdType, unboxedVar.getType())) {
unboxedVar = problem.getFIC().getNewUnboxedVariable(reqdType);
unboxMap.put(v, unboxedVar);
} else if (unboxedVar == null) {
// FIXME: throw an exception here
System.out.println("ERROR: No unboxed var for : " + v);
}
return unboxedVar;
}
If unboxedVar is null and createNew is false, then unboxedVar.getType() will cause NPE. And null unboxedVar is expectable condition, but appears to be unreachable.
Environment Information
We are analyzing versions 9.4.x (8-12), but this problem is still in master
Expected Behavior
- No NPE at all. But it seems nobody catch it through the years, so i don't know if this condition exists at all
Actual Behavior
- have no tests to show this NPE, can't figure out how to make one. This is simply code analysis, that showed possible NPE
Our SAST shows possible NullPointerException in https://github.com/jruby/jruby/blob/master/core/src/main/java/org/jruby/ir/dataflow/analyses/UnboxableOpsAnalysisNode.java#L362
If
unboxedVaris null andcreateNewis false, thenunboxedVar.getType()will cause NPE. And nullunboxedVaris expectable condition, but appears to be unreachable.Environment Information
We are analyzing versions 9.4.x (8-12), but this problem is still in master
Expected Behavior
Actual Behavior