...
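```java
import java.io.FileInputStream;
import java.io.IOException;

public static String readBytes(FileInputStream in) throws IOException {
  String str = "";
  byte[] data = new byte[1024];
  // The count returned by read() is discarded, so every pass decodes all
  // 1024 bytes of the buffer, using the platform default charset.
  while (in.read(data) > -1) {
    str += new String(data);
  }
  return str;
}
```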
...
```java
import java.io.FileInputStream;
import java.io.IOException;

public static String readBytes(FileInputStream in) throws IOException {
  int offset = 0;
  int bytesRead = 0;
  byte[] data = new byte[1024];
  while (true) {
    // read() may return fewer bytes than requested; continue from offset
    bytesRead = in.read(data, offset, data.length - offset);
    if (bytesRead == -1 || offset >= data.length)
      break;
    offset += bytesRead;
  }
  // Decode only the bytes that were actually read
  String str = new String(data, 0, offset, "UTF-8");
  return str;
}
```
The size of the data byte buffer depends on the maximum number of bytes required to write an encoded character. For example, UTF-8 encoded data requires a maximum of three bytes to denote one character. Although it seems counterintuitive, any character above U+FFFF requires a maximum of four bytes. However, such a sequence is split into two separate char values of two bytes each, because Java internally uses UTF-16 to represent a char. Consequently, the buffer size should be four times the size of a typical byte sequence.
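The following added example (not part of the original page) shows why byte counts and encoding have to be handled together: when a multi-byte UTF-8 sequence straddles a buffer boundary, decoding each chunk separately corrupts the character even though the return value of read() is honored, while an InputStreamReader carries the partial sequence across reads. The class name, method names and sample string are hypothetical and constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.StandardCharsets;

public class ChunkedDecodeDemo {
  // Hypothetical helper: honors the count from read() but decodes each chunk on its own
  static String decodePerChunk(InputStream in, int chunkSize) throws IOException {
    StringBuilder sb = new StringBuilder();
    byte[] data = new byte[chunkSize];
    int n;
    while ((n = in.read(data)) != -1) {
      // A sequence cut by the chunk boundary is replaced with U+FFFD
      sb.append(new String(data, 0, n, StandardCharsets.UTF_8));
    }
    return sb.toString();
  }

  // Hypothetical helper: the Reader's decoder keeps incomplete sequences between reads
  static String decodeWithReader(InputStream in, int chunkSize) throws IOException {
    StringBuilder sb = new StringBuilder();
    char[] chars = new char[chunkSize];
    try (Reader r = new InputStreamReader(in, StandardCharsets.UTF_8)) {
      int n;
      while ((n = r.read(chars)) != -1) {
        sb.append(chars, 0, n);
      }
    }
    return sb.toString();
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample: 3 ASCII bytes, U+20AC (3 bytes), U+1F512 (4 bytes, two chars)
    String original = "abc\u20AC\uD83D\uDD12";
    byte[] bytes = original.getBytes(StandardCharsets.UTF_8);
    int chunk = 4; // the boundary falls inside the 3-byte sequence for U+20AC
    String perChunk = decodePerChunk(new ByteArrayInputStream(bytes), chunk);
    String viaReader = decodeWithReader(new ByteArrayInputStream(bytes), chunk);
    System.out.println("bytes=" + bytes.length + " chars=" + original.length());
    System.out.println("per-chunk decode intact: " + original.equals(perChunk));
    System.out.println("reader decode intact:    " + original.equals(viaReader));
  }
}
```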
...
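```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;

public static String readBytes(FileInputStream fis) throws IOException {
  byte[] data = new byte[1024];
  DataInputStream dis = new DataInputStream(fis);
  // readFully() blocks until the whole buffer is filled and throws
  // EOFException if the stream ends first
  dis.readFully(data);
  String str = new String(data, "UTF-8");
  return str;
}
```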
Risk Assessment
...
...