search

facebookarchive / stetho

Stetho is a debug bridge for Android applications, enabling the powerful Chrome Developer Tools and much more.
http://facebook.github.io/stetho/
MIT License
12.66k stars 1.13k forks source link

A potential null pointer dereference bug. Please confirm, much appreicated! #681

Open HermioneSW opened 4 years ago

HermioneSW commented 4 years ago

Hi,

We are developing a new static analysis tool for catching bugs in Java code. Upon scanning your codebase we find the following:

In Frame.java (stetho/src/main/java/com/facebook/stetho/websocket/Frame.java) line 41, if hasMask is false then maskingKey will be assigned null when passed to MaskingHelper.unmask(maskingKey, payloadData, 0, (int)payloadLen) the expression key[index++ % key.length] at line 14 in MaskingHelper.java will trigger a null pointer dereference.

Would you please take a look and confirm this is indeed a bug? Thanks a million!!!

HermioneSW commented 4 years ago

Hi, can anyone please take a look at the issue and confirm this is indeed a bug? Thanks a million!