`Opt.Eq` can cause NullPointerException
bbjubjub2494 opened this issue · 0 comments
bbjubjub2494 commented
The cats.kernel.Eq instance for spire.util.Opt doesn't properly handle cases where only the right hand side is empty. It will pass down a null value to the underlying Eq[A], which can cause inconsistencies and/or null pointer exceptions. I have been able to produce both in this scastie.
Looking at the code, we can see why that is the case:
if (x.isEmpty) y.isEmpty else ev.eqv(x.ref, y.ref)If x is non-empty then the second branch is taken. Even if y.ref is null. Then, ev.eqv is called with null in its second argument.
My suggested fix would be
if (x.isEmpty) y.isEmpty else y.nonEmpty && ev.eqv(x.ref, y.ref)Props go to Dotty explicit nulls for helping me find this issue. (Yes I was porting Opt to Scala 3)