Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Methods invoked from within a finally block can throw an exception. Failure to catch and handle such exceptions results in the abrupt termination of the entire try block. This causes any exception thrown in the try block to be lost, preventing any possible recovery method from handling that specific problem. Additionally, the transfer of control associated with the exception may prevent execution of any expressions or statements that occur after the point in the finally block from which the exception is thrown. Consequently, programs must appropriately handle checked exceptions that are thrown from within a finally block.

Allowing checked exceptions to escape a finally block also violates rule ERR04-J. Do not complete abruptly from a finally block.

Noncompliant Code Example

This noncompliant code example contains a finally block that closes the reader object. The programmer incorrectly assumes that the statements in the finally block cannot throw exceptions and consequently fails to appropriately handle any exception that may arise.

Code Block
bgColor#FFCCCC
public class Operation {
  public static void doOperation(String some_file) {
    // ... code to check or set character encoding ...
    try {
      BufferedReader reader =
          new BufferedReader(new FileReader(some_file));
      try {
        // Do operations 
      } finally {
        reader.close();
        // ... Other cleanup code ...
      }
    } catch (IOException x) {
      // Forward to handler
    }
  }
}

The close() method can throw an IOException, which, if thrown, would prevent execution of any subsequent cleanup statements. This is a problem that will not be diagnosed by the compiler, because any IOException would be caught by the outer catch block. Also, an exception thrown from the close() operation can mask any exception that gets thrown during execution of the Do operations block, preventing proper recovery.

Compliant Solution (Handle Exceptions in finally Block)

This compliant solution encloses the close() method invocation in a try-catch block of its own within the finally block. Consequently, the potential IOException can be handled without allowing it to propagate further.

Code Block
bgColor#ccccff
public class Operation {
  public static void doOperation(String some_file) {
    // ... code to check or set character encoding ...
    try {
      BufferedReader reader =
          new BufferedReader(new FileReader(some_file));
      try {
        // Do operations 
      } finally {
        try {
          reader.close();
        } catch (IOException ie) {
          // Forward to handler
        }
        // ... Other clean-up code ...
      }
    } catch (IOException x) {
      // Forward to handler
    }
  }
}

Compliant Solution (Java SE 7: try-with-resources)

Java SE 7 introduced a new feature, called try-with-resources, that can close certain resources automatically in the event of an error. This compliant solution uses try-with-resources to properly close the file.

Code Block
bgColor#ccccff
public class Operation {
  public static void doOperation(String some_file) {
    // ... code to check or set character encoding ...
    try ( // try-with-resources
      BufferedReader reader =
          new BufferedReader(new FileReader(some_file))) {
      // Do operations
    } catch (IOException ex) {
      System.err.println("thrown exception: " + ex.toString());
      Throwable[] suppressed = ex.getSuppressed();
      for (int i = 0; i < suppressed.length; i++) {
        System.err.println("suppressed exception: " 
            + suppressed[i].toString());
      }
      // Forward to handler
    }
  }

  public static void main(String[] args) {
    if (args.length < 1) {
      System.out.println("Please supply a path as an argument");
      return;
    }
    doOperation(args[0]);
  }
}

When an IOException occurs in the try block of the doOperation() method, it is caught by the catch block and printed as the thrown exception. This includes exceptions that occur while creating the BufferedReader. When an IOException occurs while closing the reader, that exception is also caught by the catch block and printed as the thrown exception. If both the try block and closing the reader throw an IOException, the catch clause catches both exceptions and prints the try block exception as the thrown exception. The close exception is suppressed and printed as the suppressed exception. In all cases the reader is safely closed.

Risk Assessment

Failure to handle an exception in a finally block may have unexpected results.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR05-J

low

unlikely

medium

P2

L3

Related Guidelines

MITRE CWE

CWE-460. Improper cleanup on thrown exception

 

CWE-584. Return inside finally block

 

CWE-248. Uncaught exception

 

CWE-705. Incorrect control flow scoping

Bibliography

[Bloch 2005]

Puzzle 41. Field and Stream

[Chess 2007]

8.3, Preventing Resource Leaks (Java)

[Harold 1999]

 

[J2SE 2011]

The try-with-resources Statement


      06. Exceptional Behavior (ERR)