Java does not support the use of unsigned types, except for the The only unsigned primitive integer type in Java is the 16 bit char datatype. Sometimes, it is necessary to ; all of the other primitive integer types are signed. To interoperate with native languages such as C or C++ that use unsigned types extensively. The standard practice to deal with unsigned input is to read values into Java's larger signed primitives, read unsigned values into the next larger Java signed primitive integer type. For example, use a signed long can be used to hold an unsigned 32-bit integer value obtained from native code.
Noncompliant Code Example
This noncompliant code example incorrectly uses a generic method for reading in integer data irrespective without considering the signedness of the signednesssource. It assumes that the value is values read are always signed and treats the most significant bit (MSB) as the sign bit causing misinterpretations about . When the data being read is unsigned, this causes misinterpretations of the actual sign and magnitude of the integervalue.
| Code Block | ||
|---|---|---|
| ||
public static int getInteger(DataInputStream is) throws IOException {
return is.readInt();
}
|
...
This compliant solution assumes that the unsigned integer has 32 bitsvalues being read are 32-bit unsigned integers. It reads in an unsigned integer value into a long variable using the readInt() method. If the read integer is unsigned, the most significant bit may be turned on. Consequently, all the higher order bits of the resulting long are set because of sign extension, and these must be masked off as demonstrated. For other integer sizes, the mask size should vary depending on The readInt() method assumes signed values and returns a signed Java int; the return value is converted to a long with sign extension. The code uses a logical-& operation to mask off the upper 32-bits of the long; this produces a value in the range of a 32-bit unsigned integer, as intended. The mask size should be chosen to match the size of the unsigned integer values being read.
| Code Block | ||
|---|---|---|
| ||
public static long getInteger(DataInputStream is) throws IOException {
return is.readInt() & 0xFFFFFFFFL; // mask with 32 one-bits
}
|
As a general rule, you must be aware of the signed-ness of the data you are reading.
Risk Assessment
Treating an unsigned type data as signed can result in misinterpretations though it were signed will produce incorrect values and can lead to lost or misinterpreted data.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
INT08-J | low | unlikely | medium | P2 | L3 |
Automated Detection
TODOAutomated detection is infeasible in the general case.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
...