Buffer classes defined in the {{java.nio}} package, such as {{IntBuffer}}, {{CharBuffer}}, and {{ByteBuffer}}, define a variety of {{wrap()}} methods that wrap an array of the corresponding primitive data type into a buffer and return the buffer as a {{Buffer}} object. Although these methods create a new {{Buffer}} object, the new {{Buffer}} is backed by the given input array. According to the Java API for these methods \[[API 2006|AA. References#API 06]\],
The new buffer will be backed by the given character array; that is, modifications to the buffer will cause the array to be modified and vice versa.
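The aliasing described above, shown with {{CharBuffer}} beside two ways of handing out the data without sharing the backing array. This is an added example, not code from the original page; the class and method names are hypothetical.

```java
import java.nio.CharBuffer;
import java.nio.ReadOnlyBufferException;

// Hypothetical class; the names below are illustrative, not from the page.
public final class WrapAliasDemo {
    private final char[] dataArray = "abcde".toCharArray();

    // Exposes internal state: the returned buffer is backed by dataArray,
    // so any put() by the caller rewrites the private array.
    public CharBuffer getBufferBacked() {
        return CharBuffer.wrap(dataArray);
    }

    // Read-only view: put() throws ReadOnlyBufferException and array() is
    // unavailable, but the view still reflects later changes to dataArray.
    public CharBuffer getBufferReadOnly() {
        return CharBuffer.wrap(dataArray).asReadOnlyBuffer();
    }

    // Independent copy: the caller gets a writable buffer with its own storage.
    public CharBuffer getBufferCopy() {
        CharBuffer cb = CharBuffer.allocate(dataArray.length);
        cb.put(dataArray);
        cb.flip(); // reset position to 0 and set limit to the copied length
        return cb;
    }

    // Current contents of the private array, for comparison.
    public String snapshot() {
        return new String(dataArray);
    }

    public static void main(String[] args) {
        WrapAliasDemo d = new WrapAliasDemo();

        d.getBufferBacked().put(0, 'X');
        System.out.println("after write through wrap(): " + d.snapshot());

        try {
            d.getBufferReadOnly().put(0, 'Y');
        } catch (ReadOnlyBufferException e) {
            System.out.println("read-only view rejected the write");
        }

        d.getBufferCopy().put(0, 'Z');
        System.out.println("after write to the copy:    " + d.snapshot());
    }
}
```

Only the write through the plain {{wrap()}} buffer reaches the private array; the read-only view rejects the write and the copy absorbs it.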
...
Sound automated detection of this vulnerability is not feasible. Heuristic approaches may be useful.
Bibliography
| [API 2006] | class |
| [Hitchens 2002] | 2.3 Duplicating Buffers |
...