...
| Wiki Markup |
|---|
This example implements a {{stack}} data structure \[[EffectiveBloch 08|AA. Java Programming Language Guide, Item 5]\]References#Bloch 08]\] Item 6: Eliminate obsolete object references. The main issue is that it does not allow the garbage collector to de-allocate memory after the {{pop}} operation. The object references are retained even after the element is pop'ed. Such _obsolete references_ are not garbage collected automatically. This can get even more deceitful since none of the objects referenced by the offending object get garbage collected either. |
...
While these examples may not model production scenarios, it is not uncommon to have obsolete references when dealing with data structures such as hash tables that contain many large-sized records.
Risk Assessment
TODOMemory leaks in Java applications may be exploited, resulting in denial-of-service attacks.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC02-J | ?? low ?? | unlikely | ?? high | P?? | L?? |
Automated Detection
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
Effective Java Programming Language Guide, Item 5, Eliminate Obsolete Object References
\[[Gupta 05|AA. Java References#Gupts 05]\]
\[[Bloch 08|AA. Java References#Bloch 08]\] Item 6: Eliminate obsolete object references |