From b9a570a88944e5cc2fa9445de7b8563a7ddf9871 Mon Sep 17 00:00:00 2001 From: Markus Hintersteiner Date: Mon, 29 Jun 2026 09:29:48 +0200 Subject: [PATCH 1/4] fix(core): Guard clearSession with session lock to prevent NPE clearSession() reset the session field without acquiring sessionLock, unlike the other session mutators (startSession, endSession, withSession). This allowed it to null out the session between a null-check and a dereference (e.g. session.clone()) in those locked methods, leading to a NullPointerException. Acquire sessionLock so all session mutations are mutually exclusive. Co-Authored-By: Claude Opus 4.8 (1M context) --- sentry/src/main/java/io/sentry/Scope.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sentry/src/main/java/io/sentry/Scope.java b/sentry/src/main/java/io/sentry/Scope.java index 9e8d3ee554e..282fc4df67f 100644 --- a/sentry/src/main/java/io/sentry/Scope.java +++ b/sentry/src/main/java/io/sentry/Scope.java @@ -1147,7 +1147,9 @@ public SentryOptions getOptions() { @ApiStatus.Internal @Override public void clearSession() { - session = null; + try (final @NotNull ISentryLifecycleToken ignored = sessionLock.acquire()) { + session = null; + } } @ApiStatus.Internal From 250cb146a94d69631838d954aa3c90aac6effd99 Mon Sep 17 00:00:00 2001 From: Markus Hintersteiner Date: Mon, 29 Jun 2026 09:31:31 +0200 Subject: [PATCH 2/4] changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index eaec96a2e0a..a6386c88f26 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ ## Unreleased +### Fixes + +- Prevent a potential `NullPointerException` by guarding `Scope.clearSession()` with the session lock ([#5657](https://github.com/getsentry/sentry-java/pull/5657)) + ### Performance - Speed up touch gesture target detection on deeply nested view hierarchies by hit-testing in local coordinates instead of calling `getLocationOnScreen` per view ([#5595](https://github.com/getsentry/sentry-java/pull/5595)) From 535456b594511a96c30c1a873fec38754ee89672 Mon Sep 17 00:00:00 2001 From: Markus Hintersteiner Date: Mon, 29 Jun 2026 09:33:17 +0200 Subject: [PATCH 3/4] changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a6386c88f26..2a97f3ebe91 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ ### Fixes -- Prevent a potential `NullPointerException` by guarding `Scope.clearSession()` with the session lock ([#5657](https://github.com/getsentry/sentry-java/pull/5657)) +- Fix potential NPE within `Scope.clearSession()` ([#5657](https://github.com/getsentry/sentry-java/pull/5657)) ### Performance From e26a7b1391b164454fd55020f7afdeb0096915bb Mon Sep 17 00:00:00 2001 From: Markus Hintersteiner Date: Mon, 29 Jun 2026 09:37:18 +0200 Subject: [PATCH 4/4] changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a97f3ebe91..dbb532e1f82 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ ### Fixes -- Fix potential NPE within `Scope.clearSession()` ([#5657](https://github.com/getsentry/sentry-java/pull/5657)) +- Fix potential NPE within `Scope.endSession()` ([#5657](https://github.com/getsentry/sentry-java/pull/5657)) ### Performance