The char type is the only unsigned primitive type in Java. As a result, a signed value cannot be stored and retrieved successfully from a variable of type char.
In particular, comparing a value of type {{char}} with -1 will never yield {{true}}. However, because the method {{read()}} returns -1 to indicate {{EOF}}, it is tempting to try to compare the character returned by {{read()}} with -1. This is a common error \[[Pugh 08|AA. Java References#Pugh 08]\]. |
In this noncompliant code, the int returned by the read() method is cast directly to a char, and that is compared with -1 to try to detect EOF. This conversion leaves the value of c as 0xffff (Character.MAX_VALUE) instead of -1. Hence, this test never evaluates to true.
char c;
while ((c=(char)in.read())!= -1) { ... }
|
Always use a signed type of sufficient size to store signed data. To be compliant, use an int type to check for EOF while reading in data. If the int value returned by read() is not -1, then it can be safely cast to a char.
int c;
while ((c=in.read())!= -1) {ch = (char)c; ... }
|
Storing signed data in a variable of the unsigned type char can lead to misinterpreted data and possibly to memory leaks. Furthermore, comparing a value of type char with -1 never evaluates to true. This error could lead to a denial of service attack.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
INT35-J |
low |
unlikely |
low |
P3 |
L3 |
TODO
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
This rule appears in the C Secure Coding Standard as FIO34-C. Use int to capture the return value of character IO functions.
This rule appears in the C++ Secure Coding Standard as FIO34-CPP. Use int to capture the return value of character IO functions.
\[[API 06|AA. Java References#API 06]\] Class {{InputStream}}
\[[JLS 05|AA. Java References#JLS 05]\] 4.2 Primitive Types and Values
\[[Pugh 08|AA. Java References#Pugh 08]\] "Waiting for the end" |