Software vulnerabilities can result when a programmer fails to consider all possible data states.

Noncompliant Code Example (if Chain)

This noncompliant code example fails to test for conditions in which a is neither b nor c. This may be the correct behavior in this case, but failure to account for all the values of a can result in logic errors if a unexpectedly assumes a different value.

if (a == b) {
  /* ... */
}
else if (a == c) {
  /* ... */
}

Compliant Solution (if Chain)

This compliant solution explicitly checks for the unexpected condition and handles it appropriately:

if (a == b) {
  /* ... */
}
else if (a == c) {
  /* ... */
}
else {
  /* Handle error condition */
}

Noncompliant Code Example (switch)

Even though x is supposed to represent a bit (0 or 1) in this noncompliant code example, some previous error may have allowed x to assume a different value. Detecting and dealing with that inconsistent state sooner rather than later makes the error easier to find and may prevent security violations.

switch (x) {
  case 0: foo(); break;
  case 1: bar(); break;
}

Compliant Solution (switch)

This compliant solution provides a default label to handle all possible values of type int, not just the two the program expects:

switch (x) {
  case 0: foo(); break;
  case 1: bar(); break;
  default: /* Handle error */ break;
}

...

final static int ORIGIN_YEAR = 1980;

/* days: number of days since January 1, 1980 */
public void convertDays(long days) {
  int year = ORIGIN_YEAR;
  /* ... */
  while (days > 365) {
    if (IsLeapYear(year)) {
      if (days > 366) {
        days -= 366;
        year += 1;
      }
      /* days == 366 in a leap year: neither branch changes days,
         so the loop never terminates */
    } else {
      days -= 365;
      year += 1;
    }
  }
}

The original ConvertDays() function in the real-time clock (RTC) routines for the MC13783 PMIC takes the number of days since January 1, 1980, and computes the correct year and the number of days since January 1 of that year.

...

final static int ORIGIN_YEAR = 1980;

/* days: number of days since January 1, 1980 */
public void convertDays(long days) {
  int year = ORIGIN_YEAR;
  /* ... */
  int daysThisYear = (IsLeapYear(year) ? 366 : 365);
  /* every iteration subtracts a full year, so days strictly decreases
     and the loop terminates for every input */
  while (days > daysThisYear) {
    days -= daysThisYear;
    year += 1;
    daysThisYear = (IsLeapYear(year) ? 366 : 365);
  }
}

This compliant solution is for illustrative purposes and may differ from the solution implemented by Microsoft.
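To make the unconsidered state visible, the following added example (not code from the CERT page or from Microsoft) runs both loops on the day count for December 31, 2008. It assumes a 1-based count in which January 1, 1980 is day 1 (so December 31, 2008 is day 10593) and uses java.time.Year.isLeap in place of the page's unshown IsLeapYear helper; the noncompliant loop is instrumented to throw when an iteration makes no progress instead of spinning forever.

```java
import java.time.Year;

public class ZuneDays {
    static final int ORIGIN_YEAR = 1980;

    // Assumed stand-in for the IsLeapYear helper the page's snippets call.
    static boolean isLeapYear(int year) {
        return Year.isLeap(year);
    }

    /** Compliant loop: days strictly decreases on every iteration. */
    static int[] convertDays(long days) {
        int year = ORIGIN_YEAR;
        int daysThisYear = isLeapYear(year) ? 366 : 365;
        while (days > daysThisYear) {
            days -= daysThisYear;
            year += 1;
            daysThisYear = isLeapYear(year) ? 366 : 365;
        }
        return new int[] { year, (int) days };
    }

    /** Noncompliant loop with a progress check: an iteration that leaves
     *  days unchanged is the unhandled state, reported as an error. */
    static int[] convertDaysGuarded(long days) {
        int year = ORIGIN_YEAR;
        while (days > 365) {
            long before = days;
            if (isLeapYear(year)) {
                if (days > 366) { days -= 366; year += 1; }
            } else {
                days -= 365; year += 1;
            }
            if (days == before) {
                throw new IllegalStateException(
                    "no progress: year=" + year + " days=" + days);
            }
        }
        return new int[] { year, (int) days };
    }

    public static void main(String[] args) {
        long dec31of2008 = 10593; // constructed: 1-based day count
        int[] r = convertDays(dec31of2008);
        System.out.println("compliant: year " + r[0] + ", day " + r[1]);
        try {
            convertDaysGuarded(dec31of2008);
        } catch (IllegalStateException e) {
            System.out.println("noncompliant loop stalls: " + e.getMessage());
        }
    }
}
```

The compliant loop stops with year 2008 and 366 days remaining; the guarded copy of the noncompliant loop reaches the same state and throws, because with days equal to 366 in a leap year neither branch modifies days.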

...
