The char type is the only unsigned primitive type in Java. As a result, a signed value cannot be stored and retrieved successfully from a variable of type char. In particular, comparing a value of type char with -1 will never yield true. However, because the method read() returns -1 to indicate the End of File (EOF) condition, it is tempting to compare the character returned by read() with -1. This is a common error [Pugh 08].
This noncompliant code example casts the value of type int returned by the read() method directly to a value of type char, which is then compared with -1 to try to detect EOF. When EOF is reached, this conversion leaves the value of c as 0xffff (Character.MAX_VALUE) instead of -1. As a result, the test for EOF never succeeds.
```java
char c;
// Noncompliant: (char) -1 is 0xffff, so c != -1 is always true
while ((c = (char) in.read()) != -1) {
  // ...
}
```
Always use a signed type of sufficient size to store signed data. To be compliant, use a value of type int to check for EOF while reading in data. If the value of type int returned by read() is not -1, then it can be safely cast to a value of type char. 
```java
int c;
while ((c = in.read()) != -1) {
  // EOF has been ruled out, so the cast to char is safe
  char ch = (char) c;
  // ...
}
```
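An added example, not part of the original rule text, that runs the noncompliant loop, a tempting repair that compares against (char) -1, and the compliant loop over the same constructed input: the first loop stops only at the cap, the second stops early at a legitimate U+FFFF character, and the third reads the whole input. It assumes in is a java.io.Reader; the class name, method names, sample string and iteration cap are illustrative.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;

public class EofCheckDemo {
    // Constructed sample input: 'a', the legal character U+FFFF, then 'b'.
    static final String SAMPLE = "a\uFFFFb";

    // Noncompliant pattern from the page. The cap is only here so the demo
    // terminates; without it the loop spins forever after the input ends.
    static int charComparedWithMinusOne(Reader in, int cap) throws IOException {
        int count = 0;
        char c;
        while ((c = (char) in.read()) != -1 && count < cap) {
            count++;
        }
        return count;
    }

    // Tempting repair: compare with (char) -1. EOF and a real U+FFFF are now
    // the same value, so the input is silently truncated at U+FFFF.
    static int charComparedWithCastMinusOne(Reader in) throws IOException {
        int count = 0;
        char c;
        while ((c = (char) in.read()) != (char) -1) {
            count++;
        }
        return count;
    }

    // Compliant: test the int first, cast only after EOF has been ruled out.
    static int intComparedWithMinusOne(Reader in) throws IOException {
        int count = 0;
        int c;
        while ((c = in.read()) != -1) {
            char ch = (char) c; // safe: c is in the range 0..0xFFFF here
            count++;
        }
        return count;
    }

    public static void main(String[] args) throws IOException {
        System.out.println(charComparedWithMinusOne(new StringReader(SAMPLE), 10));
        System.out.println(charComparedWithCastMinusOne(new StringReader(SAMPLE)));
        System.out.println(intComparedWithMinusOne(new StringReader(SAMPLE)));
    }
}
```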
Storing signed data in a variable of the unsigned type char can lead to misinterpreted data and possibly memory leaks.  Furthermore, comparing a value of type char with -1 never evaluates to true. This error can result in a denial-of-service.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| INT35-J | low | unlikely | low | P3 | L3 |
FindBugs version 1.3.9 can detect violations of this rule with the INT: Bad comparison of nonnegative value with negative constant detector.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
This rule appears in the C Secure Coding Standard as FIO34-C. Use int to capture the return value of character IO functions.
This rule appears in the C++ Secure Coding Standard as FIO34-CPP. Use int to capture the return value of character IO functions.
[API 06] Class InputStream
[JLS 05] 4.2 Primitive Types and Values
[Pugh 08] "Waiting for the end"