...

import java.io.BufferedOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.util.Arrays;

class MemoryLeak {
  public static void main(String[] args) throws IOException {
    ObjectOutputStream out = new ObjectOutputStream(
        new BufferedOutputStream(new FileOutputStream("ser.dat")));
    for (int i = 0; i < 1024; i++) {
      byte[] arr = new byte[100 * 1024];
      Arrays.fill(arr, (byte) i);
      // The stream keeps a reference to every array it writes so that it can
      // emit back-references later; nothing releases them until close().
      out.writeObject(arr);
    }
    out.close();
  }
}

...

import java.io.BufferedOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.util.Arrays;

class NoMemoryLeak {
  public static void main(String[] args) throws IOException {
    ObjectOutputStream out = new ObjectOutputStream(
        new BufferedOutputStream(new FileOutputStream("ser.dat")));
    for (int i = 0; i < 1024; i++) {
      byte[] arr = new byte[100 * 1024];
      Arrays.fill(arr, (byte) i);
      out.writeObject(arr);
      out.reset(); // Reset the stream: clears the table of previously written objects
    }
    out.close();
  }
}
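The following is an added example, not code from the CERT page, that shows what the table cleared by reset() is for: the same array is written twice into an in-memory stream, once with and once without a reset() in between, and the encoded sizes are compared. The class name ResetDemo and the helper sizeOfTwoWrites are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;

// Added example (not part of the CERT page): demonstrates the back-reference
// table that ObjectOutputStream keeps for every object written. MemoryLeak
// above lets that table grow without bound; reset() empties it.
class ResetDemo {
  // Serialize the same 100 KiB array twice and return the encoded size.
  static int sizeOfTwoWrites(boolean resetBetween) throws IOException {
    byte[] arr = new byte[100 * 1024];
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
      out.writeObject(arr);
      if (resetBetween) {
        out.reset(); // forget arr (and its class descriptor)
      }
      // Without the reset, this is a 5-byte TC_REFERENCE to the first copy;
      // with it, the whole array is encoded again.
      out.writeObject(arr);
    }
    return bytes.size();
  }

  public static void main(String[] args) throws IOException {
    int withoutReset = sizeOfTwoWrites(false);
    int withReset = sizeOfTwoWrites(true);
    System.out.println("two writes, no reset:   " + withoutReset + " bytes");
    System.out.println("two writes, with reset: " + withReset + " bytes");
    // The second figure is roughly twice the first: after reset() the stream
    // can no longer refer back to the earlier copy, which is exactly why it
    // no longer needs to hold on to it.
  }
}
```

The memory cost in MemoryLeak is the price of being able to emit those back-references for every array ever written; calling reset() after each write trades that capability for a bounded retained set.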

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...