```java
import java.io.BufferedReader;
import java.io.EOFException;
import java.io.IOException;

// Wrapper that converts the in-band -1 end-of-stream indicator of
// BufferedReader.read() into an exception, so callers cannot misuse it
public static int readSafe(BufferedReader buffer, char[] cbuf, int off, int len)
        throws IOException {
  int read = buffer.read(cbuf, off, len);
  if (read == -1) {
    throw new EOFException();
  } else {
    return read;
  }
}

// ...
BufferedReader buffRdr;
// set up buffRdr
try {
  read = readSafe(buffRdr, chBuff, 0, MAX_READ);
  chBuff[read] = TERMINATOR;  // read is guaranteed to be non-negative here
} catch (EOFException eof) {
  chBuff[0] = TERMINATOR;     // end of stream: store an empty string
}
```
...
Applicability
Using in-band error indicators may lead programmers to omit status-code checks or to misuse the sentinel return value as if it were ordinary data, resulting in undefined behavior.
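The following complete program is an added example, not code from the CERT standard itself; it places the noncompliant pattern (using the -1 sentinel returned by `BufferedReader.read()` directly as an array index) beside the compliant `readSafe` wrapper shown above. The class name `InBandErrorDemo`, the helper methods `readUnchecked` and `readChecked`, and the constructed empty and non-empty input streams are assumptions made for the demonstration.

```java
import java.io.BufferedReader;
import java.io.EOFException;
import java.io.IOException;
import java.io.StringReader;

public class InBandErrorDemo {
    static final int MAX_READ = 8;
    static final char TERMINATOR = '\0';

    // Compliant wrapper: the in-band -1 end-of-stream sentinel becomes an exception,
    // so every successful return value is a usable (non-negative) character count.
    public static int readSafe(BufferedReader buffer, char[] cbuf, int off, int len)
            throws IOException {
        int read = buffer.read(cbuf, off, len);
        if (read == -1) {
            throw new EOFException();
        }
        return read;
    }

    // Noncompliant pattern: the return value is trusted as a count without
    // checking for the sentinel, so at end of stream chBuff[-1] is written.
    static String readUnchecked(BufferedReader rdr) throws IOException {
        char[] chBuff = new char[MAX_READ + 1];
        int read = rdr.read(chBuff, 0, MAX_READ);
        chBuff[read] = TERMINATOR;  // ArrayIndexOutOfBoundsException when read == -1
        return new String(chBuff, 0, read);
    }

    // Compliant pattern: end of stream is handled on a separate, explicit path.
    static String readChecked(BufferedReader rdr) throws IOException {
        char[] chBuff = new char[MAX_READ + 1];
        int read;
        try {
            read = readSafe(rdr, chBuff, 0, MAX_READ);
            chBuff[read] = TERMINATOR;
        } catch (EOFException eof) {
            read = 0;
            chBuff[0] = TERMINATOR;  // nothing was read: store an empty string
        }
        return new String(chBuff, 0, read);
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: an empty stream makes the very first read() return -1.
        try {
            readUnchecked(new BufferedReader(new StringReader("")));
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("unchecked read at end of stream: " + e);
        }
        String atEof = readChecked(new BufferedReader(new StringReader("")));
        System.out.println("checked read at end of stream: \"" + atEof + "\"");
        // Constructed input: a short stream that fits in one read() call.
        String data = readChecked(new BufferedReader(new StringReader("hello")));
        System.out.println("checked read with data: \"" + data + "\"");
    }
}
```

Running the program shows the unchecked variant failing with an out-of-bounds write attempt on the empty stream, while the checked variant returns an empty string for the same input and `"hello"` for the non-empty one; the difference is entirely in whether the sentinel is separated from the data path before the return value is used.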
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ERR52-JG | low | probable | high | P2 | L3 |

Automated Detection
Given the comparatively rare occurrence of in-band error indicators in Java, it may be possible to compile a list of all methods that use them and automatically detect their use. However, detecting the safe use of in-band error indicators is not feasible.
Related Guidelines
C Secure Coding Standard: ERR02-C. Avoid in-band error indicators
C++ Secure Coding Standard: ERR07-CPP. Use exception handling rather than error codes