Issue Type: Bug Bug
Assignee: Logback dev list
Created: 01/Jan/13 10:05 PM
Description: Static code analysis reveals that

ch.qos.logback.classic.db.DBAppender.bindLoggingEventWithInsertStatement:

-------------
  void bindLoggingEventArgumentsWithPreparedStatement(PreparedStatement stmt,
      Object[] argArray) throws SQLException {
    
    int arrayLen = argArray != null ? argArray.length : 0;
    
    for(int i = 0; i < arrayLen && i < 4; i++) {
      stmt.setString(ARG0_INDEX+i, asStringTruncatedTo254(argArray[i]));
    }
    if(arrayLen < 4) {
      for(int i = arrayLen; i < 4; i++) {
        stmt.setString(ARG0_INDEX+i, null);
      }
    }
  }
-------------

has a potential null pointer access in:

    for(int i = 0; i < arrayLen && i < 4; i++) {
      stmt.setString(ARG0_INDEX+i, asStringTruncatedTo254(argArray[i]));
    }

Indeed, argArray may be null at that location, but that's not a problem because in that case arrayLen has been set to 0.

But then, do the ARG0_INDEX+i have appropriate values in

----------
    if(arrayLen < 4) {
      for(int i = arrayLen; i < 4; i++) {
        stmt.setString(ARG0_INDEX+i, null);
      }
    }
----------

Project: logback
Priority: Major Major
Reporter: David Tonhofer
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira