Versions Compared
Comment: Edited by NavBot (vkp) v1.0

According to Sun's Secure Coding Guidelines document [SCG 2007]:

The (Java) language is type-safe, and the runtime provides automatic memory management and range-checking on arrays. These features also make Java programs immune to the stack-smashing and buffer overflow attacks possible in the C and C++ programming languages, and that have been described as the single most pernicious problem in computer security today.

...

According to the Java Language Specification [JLS 2005], section 4.2.2 "Integer Operations":

...

According to the Java Language Specification [JLS 2005], section 4.2.1 "Integral Types and Values", the values of the integral types are integers in the following ranges:

...

Failing to account for integer overflow has caused failures in real systems, for instance when implementing the compareTo() method. The compareTo() contract depends only on the sign of the result, not its magnitude, so a tempting optimization is to subtract the operands and return the difference. For nonpositive operands, the subtraction can overflow, flipping the sign of the result and violating the compareTo() contract [Bloch 2008, item 12].

Addition

Addition (like all arithmetic operations) in Java is performed on signed numbers only, because Java has no unsigned integer types. The one exception is char, which is an unsigned 16-bit type; performing arithmetic on operands of type char is strongly discouraged.

...

  • When the value to be shifted (the left operand) is of type long, only the low-order 6 bits of the right operand are used as the shift distance: the shift distance is the value of the right operand masked by 63 (0x3F) [JLS 2003]. In other words, the effective shift distance is always between 0 and 63, and a shift distance of 64 or greater is reduced to value % 64.

...

This noncompliant code example attempts to shift the value i of type int until, after 32 iterations, the value becomes 0. Unfortunately, this loop never terminates, because an attempt to shift a value of type int by 32 bits yields the original value rather than 0 [Bloch 2005].

```java
int i = 0;
while ((-1 << i) != 0)
  i++;
```

...

The compareAndSet() method takes two arguments: the value the variable is expected to hold when the method is invoked, and the updated value. This compliant solution uses this method to atomically set itemsInInventory to the updated value if and only if its current value equals the expected value [API 2006]. The while loop ensures that the removeItem() method succeeds in decrementing the most recent value of itemsInInventory as long as the inventory count is greater than MIN_INVENTORY. Refer to guideline VNA02-J, "Ensure that compound operations on shared variables are atomic", for more details.

...

[SCG 2007] Introduction
[JLS 2003] 4.2.2 Integer Operations and 15.22 Bitwise and Logical Operators
[Tutorials 2008] Primitive Data Types
[Seacord 2005] Chapter 5, Integers
[Bloch 2005] Puzzle 27: Shifty i's
[MITRE 2009] CWE ID 682 "Incorrect Calculation" (http://cwe.mitre.org/data/definitions/682.html), CWE ID 190 "Integer Overflow or Wraparound" (http://cwe.mitre.org/data/definitions/190.html), CWE ID 191 "Integer Underflow (Wrap or Wraparound)" (http://cwe.mitre.org/data/definitions/191.html)

...