Skip to content

Commit d28345f

Browse files
markushiclaude
andauthored
fix(core): Guard clearSession with session lock to prevent NPE (#5657)
* fix(core): Guard clearSession with session lock to prevent NPE clearSession() reset the session field without acquiring sessionLock, unlike the other session mutators (startSession, endSession, withSession). This allowed it to null out the session between a null-check and a dereference (e.g. session.clone()) in those locked methods, leading to a NullPointerException. Acquire sessionLock so all session mutations are mutually exclusive. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * changelog * changelog * changelog --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent d8b6ce1 commit d28345f

2 files changed

Lines changed: 7 additions & 1 deletion

File tree

CHANGELOG.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,10 @@
22

33
## Unreleased
44

5+
### Fixes
6+
7+
- Fix potential NPE within `Scope.endSession()` ([#5657](https://github.com/getsentry/sentry-java/pull/5657))
8+
59
### Performance
610

711
- Speed up touch gesture target detection on deeply nested view hierarchies by hit-testing in local coordinates instead of calling `getLocationOnScreen` per view ([#5595](https://github.com/getsentry/sentry-java/pull/5595))

sentry/src/main/java/io/sentry/Scope.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1147,7 +1147,9 @@ public SentryOptions getOptions() {
11471147
@ApiStatus.Internal
11481148
@Override
11491149
public void clearSession() {
1150-
session = null;
1150+
try (final @NotNull ISentryLifecycleToken ignored = sessionLock.acquire()) {
1151+
session = null;
1152+
}
11511153
}
11521154

11531155
@ApiStatus.Internal

0 commit comments

Comments
 (0)