...
```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Vector;

public class ShowHeapError {
  Vector<String> names = new Vector<String>();
  InputStreamReader input = new InputStreamReader(System.in);
  BufferedReader reader = new BufferedReader(input);

  public void addNames() throws IOException {
    while (true) {
      // Adding unknown number of records to a list; user can exhaust the heap
      String newName = reader.readLine();
      if (!newName.equalsIgnoreCase("quit")) {
        // Enter "quit" to quit the program
        names.addElement(newName);
      } else {
        break;
      }
    }
    // Close "reader" and "input"
  }

  public static void main(String[] args) throws IOException {
    ShowHeapError demo = new ShowHeapError();
    demo.addNames();
  }
}
```
...
```java
import java.io.InputStreamReader;
import java.util.Scanner;
import java.util.Vector;

/** Assuming the heap size as 512 MB (calculated as 1/4th of 2 GB RAM = 512 MB)
 *  Considering long values being entered (64 bits each, the max number of elements
 *  would be 512 MB/64bits = 67108864)
 */
public class ShowHeapError {
  Vector<Long> names = new Vector<Long>(); // Accepts unknown number of records
  long newID = 0L;
  int count = 67108865;
  int i = 0;
  InputStreamReader input = new InputStreamReader(System.in);
  Scanner reader = new Scanner(input);

  public void addNames() {
    do {
      // Adding unknown number of records to a list
      // The user can enter more number of IDs than what the heap can support and
      // exhaust the heap. Assume that the record ID is a 64 bit long value
      System.out.print("Enter recordID (To quit, enter -1): ");
      newID = reader.nextLong();
      names.addElement(newID);
      i++;
    } while (i < count || newID != -1);
    // Close "reader" and "input"
  }

  public static void main(String[] args) {
    ShowHeapError demo = new ShowHeapError();
    demo.addNames();
  }
}
```
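A bounded variant of the two readers above, as an added example that is not code from the original page or from the CERT standard: it caps both the number of records and the length of each line, and treats end of input as termination. The class and method names and the limits `MAX_RECORDS` and `MAX_LINE_CHARS` are assumptions chosen for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;

// Added example; MAX_RECORDS and MAX_LINE_CHARS are assumed limits, not values from the page.
public class BoundedNameReader {
  static final int MAX_RECORDS = 10_000;
  static final int MAX_LINE_CHARS = 256;

  // Reads one line without ever buffering more than MAX_LINE_CHARS characters.
  // Returns null at end of input; throws if a single line is too long.
  static String readBoundedLine(Reader in) throws IOException {
    StringBuilder sb = new StringBuilder();
    int c;
    while ((c = in.read()) != -1) {
      if (c == '\n') {
        return sb.toString();
      }
      if (c == '\r') {
        continue; // Drop carriage returns so CRLF input behaves like LF input
      }
      if (sb.length() >= MAX_LINE_CHARS) {
        throw new IOException("line exceeds " + MAX_LINE_CHARS + " characters");
      }
      sb.append((char) c);
    }
    return sb.length() == 0 ? null : sb.toString();
  }

  // Collects names until "quit" or end of input, refusing to grow past MAX_RECORDS.
  static List<String> readNames(Reader in) throws IOException {
    List<String> names = new ArrayList<>();
    String name;
    while ((name = readBoundedLine(in)) != null && !name.equalsIgnoreCase("quit")) {
      if (names.size() >= MAX_RECORDS) {
        throw new IOException("more than " + MAX_RECORDS + " records");
      }
      names.add(name);
    }
    return names;
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample input; a real program would wrap System.in instead.
    Reader sample = new BufferedReader(new StringReader("alice\nbob\nquit\nignored\n"));
    System.out.println(readNames(sample));
  }
}
```

Worst-case memory use is now roughly `MAX_RECORDS` times `MAX_LINE_CHARS` characters, a figure that can be checked against the configured maximum heap size.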
...
```java
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.util.Date;

FileOutputStream fos = new FileOutputStream("data.txt");
ObjectOutputStream oos = new ObjectOutputStream(fos);
oos.writeObject(new Date());
// ...
```
...
```java
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.util.Date;

FileOutputStream fos = new FileOutputStream("data.txt");
ObjectOutputStream oos = new ObjectOutputStream(fos);
oos.writeObject(new Date());
oos.reset(); // Reset the Object-Handle table to its initial state
// ...
```
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
This rule appears in the C Secure Coding Standard as MEM11-C. Do not assume infinite heap space.
...