SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 7

changes.mady.by.user Unknown User (lflynn)

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

This noncompliant code example shows an example where a direct pointer to a Java object is used with erroneous results.

Code Block
bgColor#FFCCCC
 

 


Compliant Solution
In this compliant solution ... 
 
 Code Block
bgColor#CCCCFF
Risk Assessment
If a direct pointer to a Java object is used then erroneous results may be obtained that could lead to the code crashing. This, in turn, could be used to mount a denial of service attack.  In some circumstances, the direct pointer could become a "dangling pointer" which could result in sensitive information being leaked or malicious execution of arbitrary code.
Rule
Severity
Likelihood
Detectable
Remediation Cost
Repairable
Priority
Level
JNI02-J
High
Probable
Low
No
No
P18
P6
L1
L2
Automated Detection
Direct pointers to Java objects can be detected and replaced by indirect handles automatically.
...
Applies to Android API versions 14 (ICE_CREAM_SANDWICH) and above, with Native Development Kit (NDK) 7.
API Levels
14 and above
Bibliography
JNISpec 2014
Java Native Interface Specification
VerifyPreventing JNI Issues
Hughes 2011JNI Local Reference Changes in ICS

...
Image Added Image Added Image Added