SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 115

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

The contracts of the read methods for InputStream and Reader classes and their subclasses are complicated with regard to filling byte or character arrays. According to the Java API [API 2014] for the class InputStream, the read(byte[] b) method and the read(byte[] b, int off, int len) method , provides provide the following behavior:

The default implementation of this number of bytes actually read is returned as an integer. This method blocks until the requested amount of input data len has been readis available, end of file is detected, or an exception is thrown. Subclasses are encouraged to provide a more efficient implementation of this method.

According to the Java API for the However, the read(byte[] b, int off, int len) method

reads some number of bytes from the input stream and stores them into the buffer array b. The number of bytes actually read is returned as an integer. The number of bytes read is, at most, equal to the length of b.

:

An attempt is made to read as many as len bytes, but a smaller number may be read, possibly zero. 

Both read The read() methods return as soon as they find available input data. As a result, these methods can stop reading data before the array is filled because the available data may be insufficient to fill the array.

The documentation for the analogous read methods in Reader return the number of characters read, which implies that they also need not fill the char array provided as an argument.

Ignoring the result returned by the read() methods is a violation of EXP00-J. Do not ignore values returned by methods. Security issues can arise even when return values are considered because the default behavior of the read() methods lacks any guarantee that the entire buffer array is filled. Consequently, when using read() to fill an array, the program must check the return value of read() and must handle the case where the array is only partially filled. In such cases, the program may try to fill the rest of the array, or work only with the subset of the array that was filled, or throw an exception.

...

Incorrect use of the read() method can result in the wrong number of bytes being read or character sequences being interpreted incorrectly.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

FIO10-J

Low

Unlikely

Medium

No

No

P2

P1

L3

Automated Detection

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.FIO10.NASSIGIOEnsure the return values of specified file I/O methods are used
SonarQube
Include Page
SonarQube_V
SonarQube_V
S2674


Related Guidelines

MITRE CWE

CWE-135, Incorrect Calculation of Multi-byte String Length

Bibliography

[API 2006]

Class InputStream
Class DataInputStream

[Chess 2007]

Section 8.1, "Handling Errors with Return Codes"

[Harold 1999]

Chapter 7, "Data Streams, Reading Byte Arrays"

[Phillips 2005]

 

...



...

Image Modified Image Modified Image Modified