stackoom
  简体   繁体   中英

findbugs: Possible null pointer dereference warning

 原文  2018-07-26 13:49:39       java

Question

I got Possible null pointer dereference in convertMultiPartToFile(MultipartFile) due to return value of called method [line 91] in my findbugs report.

Here is the code:

private File convertMultiPartToFile(MultipartFile file) throws IOException {
        //line below is the line 91
        if (file == null || file.getOriginalFilename() == null)
            throw new InputValidationException("fileNameInvalid", i18n, file.getOriginalFilename());
        File convFile = new File(file.getOriginalFilename());
        FileOutputStream fos = new FileOutputStream(convFile);
        fos.write(file.getBytes());
        fos.close();
        return convFile;
}

I already check the null value of the file, why do I still get the warning?

Update 1:

After I removed the file name in the exception, it still has a warning on the line below.

private File convertMultiPartToFile(MultipartFile file) throws IOException {           
        if (file == null || file.getOriginalFilename() == null)
            throw new InputValidationException("fileNameInvalid", i18n, "");
        File convFile = new File(file.getOriginalFilename()); // warning here
        FileOutputStream fos = new FileOutputStream(convFile);
        fos.write(file.getBytes());
        fos.close();
        return convFile;
}

Update 2:

private File convertMultiPartToFile(MultipartFile file) throws IOException {
    File convFile = null;
    if (file != null && file.getOriginalFilename() != null) {
        convFile = new File(file.getOriginalFilename()); //line 91
        try (FileOutputStream fos = new FileOutputStream(convFile);) {
            fos.write(file.getBytes());
        }
    }
    return convFile;
}

Adapted @Michael Peacock's answer, the warning is still there.

Possible null pointer dereference in convertMultiPartToFile(MultipartFile) due to return value of called method

Bug type NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (click for details) In class com.corpobids.server.service.AwsAPIService In method convertMultiPartToFile(MultipartFile)

Local variable stored in JVM register ?

Method invoked at Service.java:[line 91]

Known null at Service.java:[line 91]

2 answers

solution1
 2 ACCPTED  2018-07-26 15:16:57

There are a couple things here. First, you need to guarantee that you're going to close the FileOutputStream. This is done differently depending on the JDK you're using. Prior to JDK 1.7, you would use a finally block to close the fos. From JDK 1.7 forward, use a try with resources.

In addition, only proceed with the file processing if there's something to process. I haven't tested this code, but this should work to eliminate the possible NPE. Note how we've flipped the condition so that we skip processing the file if we can.

JDK <= 1.6: 

private File convertMultiPartToFileJDK16(MultipartFile file) throws IOException {           

    File convFile = null;
    FileOutputStream fos = null;

    if (file != null && file.getOriginalFilename() != null) {
        try {
            String originalFilename = file.getOriginalFilename();
            if (originalFilename != null) { 
               convFile = new File(originalFilename); 
               fos = new FileOutputStream(convFile);
               fos.write(file.getBytes());

        }
        catch(IOException ex){
                // handle IOException or rethrow it
        }
        finally {
            fos.close();
        }
    }
    return convFile;
}

JDK >= 1.7: 

    private File convertMultiPartToFileJDK17(MultipartFile file) throws IOException {
    File convFile = null;
    if (file != null ) {

        String originalFilename = file.getOriginalFilename();

        if (originalFilename != null) {
            convFile = new File(originalFilename);

            try(FileOutputStream fos = new FileOutputStream(convFile);) {
                fos.write(file.getBytes());
            }
        }
    }
    return convFile;
}

solution2
 0  2018-07-26 14:39:24

Edit: I think I was still thinking about this using file != null so this probably is incorrect. Let me know if breaking out the conditions separately doesn't fix the warning and I'll update/remove this answer.

Original: The or condition will short-circuit as soon as any condition evaluates to true. In this case, you could have a non-null MultipartFile object, whose `file.getOriginalFilename()' evaluates to null.

As soon as the conditional statement determines that file != null it's going to skip the throw clause and drop down to the next line. At which point, you would be passing null into the File() constructor (again, assuming you have a non-null file, but a null originalFilename field).

The FindBugs module doesn't like the idea of passing a possibly dereferenced value into the File() constructor. It would be safer to evaluate the conditions separately and act accordingly in each:

if (file == null) {
    throw new InputValidationException("fileObjectIsNull", i18n, "")
}

if (file.getOriginalFilename() == null) {
    throw new InputValidationException("fileNameInvalid", i18n, "");
}

File convFile = new File(file.getOriginalFilename());

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question FindBugs: Possible null pointer dereference Findbugs Possible null pointer dereference in java FindBugs null pointer dereference Why is findbugs throwing a null pointer dereference in this code? Findbugs gives “Null pointer dereference of System.out”, why? Possible null pointer dereference in SONAR SonarQube shows Possible null pointer dereference Explanation and fix for Possible null pointer dereference of possible null pointer dereference of rellist in java Java + Eclipse: False possible null pointer dereference?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM