Potential Null Pointer Dereference

[rng70-or]

In file: AsyncInternal.java, class AsyncInternal method isAsync, there is a potential Null pointer dereference. This may throw an unexpected null pointer exception which, if unhandled, may crash the program.

public static boolean isAsync(Object func) {
    SerializedLambda lambda = LambdaUtils.toSerializedLambda(func);
    Object target = getTarget(lambda);
    return target instanceof ActivityStub
        || target instanceof ChildWorkflowStub
        || target instanceof ExternalWorkflowStub
        || (target instanceof AsyncMarker
            && lambda.getImplMethodKind() == MethodHandleInfo.REF_invokeInterface);
  }

variable labmda may initialized with null and if so, then, lambda.getImplMethodKind() will raise a null pointer exception. A null check should be introduced to avoid unexpected null pointer exceptions.

Sponsorship and Support

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.

The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.