 
                            Methods invoked from within a finally block can throw an exception. Failure to catch and handle such exceptions results in the abrupt termination of the entire try block. Abrupt termination causes any exception thrown in the try block to be lost, preventing any possible recovery method from handling that specific problem. Additionally, the transfer of control associated with the exception may prevent execution of any expressions or statements that occur after the point in the finally block from which the exception is thrown. Consequently, programs must appropriately handle checked exceptions that are thrown from within a finally block.
Allowing checked exceptions to escape a finally block also violates ERR04-J. Do not complete abruptly from a finally blockAn exception can occur in the finally block despite compile-time checking. This can prevent other clean-up statements from being executed.
Noncompliant Code Example
This noncompliant code example uses contains a finally block that closes the reader object. However, it is incorrectly assumed The programmer incorrectly assumes that the statements occurring in the finally block cannot throw exceptions and consequently fails to appropriately handle any exception that may arise.
| Code Block | ||
|---|---|---|
| 
 | ||
| public class Operation { privatepublic static void doOperation(String some_file) throws IOException { // ... Code to check or set character encoding ... try { BufferedReader reader = new BufferedReader(new FileReader(some_file)); try { // Do operations } finally { reader.close(); // ... Other clean-upcleanup code ... } } public static} voidcatch main(String[]IOException argsx) throws{ IOException { String// pathForward = "somepath";to handler doOperation(path);} } } | 
Notably, the The close() method can throw an IOException which prevents any subsequent clean-up statements from being executed. This is not detected at compile time because the type of exception that close() throws is the same as the type of exceptions that methods read() and write() throw, which, if thrown, would prevent execution of any subsequent cleanup statements. This problem will not be diagnosed by the compiler because any IOException would be caught by the outer catch block. Also, an exception thrown from the close() operation can mask any exception that gets thrown during execution of the Do operations block, preventing proper recovery.
Compliant Solution (
...
Handle Exceptions in finally Block)
This compliant solution correctly places encloses the close() statement method invocation in a try-catch block of its own within the finally block. As a result, an Consequently, the potential IOException can be handled without letting allowing it to propagate any further.
| Code Block | ||
|---|---|---|
| 
 | ||
| public class Operation { public static void doOperation(String some_file) throws IOException { // ... Code to check or set character encoding ... try { BufferedReader reader = new BufferedReader(new FileReader(some_file)); try { // Do operations } finally { try { // Enclose in try-catch block reader.close(); } catch (IOException ie) { // Forward to handler } // ... Other clean-upcleanup code ... } } public static} voidcatch main(String[]IOException argsx) throws{ IOException { String// pathForward = "somepath";to handler doOperation(path);} } } | 
Compliant Solution (
...
try-with-resources)
Java SE 7 introduced a feature called try-with-resources that can close certain resources automatically in the event of an error. This compliant solution uses try-with-resources to properly close the fileIf there is a frequent need to close a stream without throwing an exception, an alternative solution to wrapping every call to close() in its own try-catch block is to use a closeIgnoringException() method, as shown in this compliant solution.
| Code Block | ||
|---|---|---|
| 
 | ||
| public class Operation { public static void doOperation(String some_file) throws IOException { { // ... Code to check or set character encoding ... try ( // try-with-resources BufferedReader reader = new BufferedReader(new FileReader(some_file)); try ) { // Do operations } finallycatch (IOException ex) { closeIgnoringException(readerSystem.err.println("thrown exception: " + ex.toString()); // Other clean-up code Throwable[] suppressed = ex.getSuppressed(); } for }(int i = private0; statici void closeIgnoringException(BufferredReader s< suppressed.length; i++) { if (s != null) { System.err.println("suppressed exception: " try { s.close+ suppressed[i].toString()); } catch (IOException ie) { // IgnoreForward exception if close fails to handler } } } public static void main(String[] args) throws IOException { if (args.length < 1) { doOperation("somepath System.out.println("Please supply a path as an argument"); return; } doOperation(args[0]); } } | 
When an IOException occurs in the try block of the doOperation() method, it is caught by the catch block and printed as the thrown exception. Exceptions that occur while creating the BufferedReader are included. When an IOException occurs while closing the reader, that exception is also caught by the catch block and printed as the thrown exception. If both the try block and closing the reader throw an IOException, the catch clause catches both exceptions and prints the try block exception as the thrown exception. The close exception is suppressed and printed as the suppressed exception. In all cases, the reader is safely closed.
Risk Assessment
Failing Failure to handle an exception in a finally block can lead to may have unexpected results.
| Rule | Severity | Likelihood | 
|---|
| Detectable | Repairable | Priority | Level | 
|---|
| ERR05-J | 
| Low | Unlikely | 
| Yes | 
| No | P2 | L3 | 
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
| Wiki Markup | 
|---|
| \[[Bloch 2005|AA. Bibliography#Bloch 05]\] Puzzle 41: Field and Stream
\[[Harold 1999|AA. Bibliography#Harold 99]\]
\[[Chess 2007|AA. Bibliography#Chess 07]\] 8.3 Preventing Resource Leaks (Java) | 
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Coverity | 7.5 | PW.ABNORMAL_TERMINATION_ OF_FINALLY_BLOCK | Implemented | ||||||
| Klocwork | 
 | JD.UNCAUGHT | |||||||
| Parasoft Jtest | 
 | CERT.ERR05.ARCF CERT.ERR05.ATSF | Avoid using 'return's inside 'finally blocks if thare are other 'return's inside the try-catch block Do not exit "finally" blocks abruptly | ||||||
| SonarQube | 
 | S1163 | Exceptions should not be thrown in finally blocks | 
Related Guidelines
| CWE-248, Uncaught Exception CWE-460, Improper Cleanup on Thrown Exception CWE-584, Return inside  CWE-705, Incorrect Control Flow Scoping CWE-754, Improper Check for Unusual or Exceptional Conditions | 
Bibliography
| Puzzle 41, "Field and Stream" | |
| Section 8.3, "Preventing Resource Leaks (Java)" | |
| The  | 
...
EXC04-J. Do not exit abruptly from a finally block 17. Exceptional Behavior (EXC) EXC06-J. Do not allow exceptions to transmit sensitive information