NPE.CONST

A NullPointerException is thrown in case of an attempt to dereference a null value. The dereference may be a function call, a read or write of a field, or an array access. NPE.CONST is reported for an attempt to dereference a variable that was initialized with a null constant.

Example 1

15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     static String searchForMaxString(final String text) {
         if (text == null) return null;
         int max = 0;
         StringTokenizer tok = new StringTokenizer(text, ":");
         String found = null;
         while (tok.hasMoreTokens()) {
             String x = tok.nextToken();
             if (x.length() >= max) {
                 max = x.length();
                 found = x;
             }
         }
         int len = found.length();
         System.err.println(len + " -> " + found);
         return found;
     }

NPE.CONST is reported for line 27 since the null value was assigned to variable 'found' on line 19.

Related checkers

• NPE.COND
• NPE.RET
• NPE.RET.UTIL
• NPE.STAT

External guidance

• CERT EXP01-J: Do not use a null in a case where an object is required
• CWE-476: NULL Pointer Dereference

Security training

Application security training materials provided by Secure Code Warrior.

• Null Dereference Training Video - Test your skills with a training example

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.