...
| Code Block | ||
|---|---|---|
| ||
class LongContainer {
static long i = 0;
static void one(long j) {
i = j;
}
static void two() {
System.out.println("i = " + i);
}
}
|
A similar problem may occur if i is declared as a double.
...
| Code Block | ||
|---|---|---|
| ||
class LongContainer {
static volatile long i = 0;
static void one(long j) {
i = j;
}
static void two() {
System.out.println("i = " + i);
}
}
|
It is important to ensure that the argument to method one() is obtained from a volatile variable or as a result of explicitly passing an integer value. Otherwise, a read of the variable argument may itself expose a vulnerability.
...
CON25-EX1: If all reads and writes of 64 bit long and double values occur within a synchronized method callregion, the atomicity of the read/write is guaranteed. This requires that no unsynchronized methods in the class expose the value and that the value is inaccessible (directly or indirectly) from other code. (CON01-J. Ensure that compound operations on shared variables are atomic)
...