Catch NullPointerException

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article includes content generously donated to OWASP by

Last revision (mm/dd/yy): 08/31/2015

Vulnerabilities Table of Contents

Description

It is generally a bad practice to catch NullPointerException.

Programmers typically catch NullPointerException under three circumstances:

1. The program contains a null pointer dereference. Catching the resulting exception was easier than fixing the underlying problem.
2. The program explicitly throws a NullPointerException to signal an error condition.
3. The code is part of a test harness that supplies unexpected input to the classes under test.

Of these three circumstances, only the last is acceptable.

Risk Factors

TBD

Examples

The following code mistakenly catches a NullPointerException.

	  try {
		mysteryMethod();
	  }
	  catch (NullPointerException npe) {
	  }

Related Attacks

• Attack 1
• Attack 2

Related Vulnerabilities

• Vulnerability 1
• Vulnerabiltiy 2

Related Controls

• Category:Error Handling

Related Technical Impacts

• Technical Impact 1
• Technical Impact 2

References

Note: A reference to related CWE or CAPEC article should be added when exists. Eg:

• CWE 79.
• http://www.link1.com
• Title for the link2