SonarQube - Null Pointer Dereference Issue


(Simon Sirak) #1


I was fixing some issues gathered by SonarQube when I stumbled upon the following issue:

“SonarQube violation: Possible null pointer dereference in ___ due to return value of called method”

This error was found in the following code: ... else if (foo.list().length > 0) { ... }

I attempted to resolve this by rewriting as: ... else if (null != foo.list() && foo.list().length > 0) { ... }

foo is an instance of the File class in Java, and is directly instantiated through new File(...).

The only potential null is the return value of list(). That is why I explicitly check for this in my attempted solution.

My question is: is my solution incorrect? If not, this might be a bug.

I’m currently using SonarQube version 5.6.6.

Best Regards,
Simon Sirak

(Tibor Blenessy) #2


A better way to handle this is to store the result of the method invocation in a variable. There is no guarantee that subsequent invocations return the same value; that’s why the issue is raised.
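The difference between the two patterns discussed above, as an added example that is not code from any of the posts: `VanishingDir`, `hasEntriesDoubleCall` and `hasEntriesSingleCall` are hypothetical names, and the subclass is a constructed stand-in for a directory that becomes unreadable between two `list()` calls.

```java
import java.io.File;

public class ListOnce {
    // Constructed stand-in for a directory that disappears between two calls:
    // list() returns entries on the first call and null afterwards, which is
    // what java.io.File.list() returns for a non-directory or on an I/O error.
    static class VanishingDir extends File {
        private int calls = 0;
        VanishingDir(String path) { super(path); }
        @Override public String[] list() {
            return calls++ == 0 ? new String[] {"a.txt"} : null;
        }
    }

    // Pattern from post #1: the null check and the length read use two
    // separate invocations, so the check does not protect the dereference.
    static boolean hasEntriesDoubleCall(File foo) {
        return null != foo.list() && foo.list().length > 0;
    }

    // Pattern from post #2: invoke once, then check and use the same value.
    static boolean hasEntriesSingleCall(File foo) {
        String[] names = foo.list();
        return names != null && names.length > 0;
    }

    public static void main(String[] args) {
        try {
            hasEntriesDoubleCall(new VanishingDir("demo"));
            System.out.println("double call: no exception");
        } catch (NullPointerException e) {
            System.out.println("double call: NullPointerException");
        }
        System.out.println("single call: "
                + hasEntriesSingleCall(new VanishingDir("demo")));
        // A path that is not a directory: list() returns null, handled safely.
        System.out.println("missing dir: "
                + hasEntriesSingleCall(new File("no-such-dir-placeholder")));
    }
}
```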

(Simon Sirak) #3

Yes, that worked! Thank you so much!!

(Nicolas Bontoux) #4

Hi there,

Quick note on this:

This likely means that you’re on an ancient version of the Java analyzer. There’d be huge value in jumping onto the latest version of the ecosystem (notably SonarQube), and benefiting from all the latest analyzers (e.g. the Java one). (In the meantime, in case of any other false-positive suspicion, make sure to check those latest versions, as a bunch of improvements are regularly released.)