The abstract InputStream.read() method reads a single byte from an input source and returns its value as an int in the range 0 to 255. It returns -1 only when the end of the input stream has been reached. The similar Reader.read() method reads a single character and returns its value as an int in the range 0 to 65,535. It also returns -1 only when the end of the stream has been reached. Both methods are meant to be overridden by subclasses.
These methods are often used to read a byte or character from a stream. Unfortunately, many programmers prematurely convert the resulting int back to a byte or char before checking whether they have reached the end of the stream (signaled by a return value of -1). Programs must check for end of stream (a return value of -1) before narrowing the return value to a byte or char.
This rule applies to any InputStream or Reader subclass that provides an implementation of the read() method. This rule is a specific instance of rule NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data.
...
This noncompliant code example casts the value returned by the read() method directly to a value of type byte and then compares this value with -1 in an attempt to detect the end of the stream.
...
When read() returns the value 0xFF (255) and that value is cast to byte, the result is the byte value -1, which is indistinguishable from the -1 used to indicate the end of the stream: the byte is promoted and sign-extended back to the int -1 before being compared with -1, so the loop terminates on a valid data byte rather than at the end of the stream.
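To make the failure concrete, here is an added example that is not code from the CERT page: it runs the noncompliant pattern described above and a compliant version over a constructed three-byte input containing 0xFF, and it also shows why the same cast goes wrong in the opposite direction for Reader.read(). The class name Fio08Demo, the method names, and the sample bytes are assumptions made for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

public class Fio08Demo {

    // Constructed sample input: 'A', 0xFF, 'B'. The 0xFF byte is ordinary data,
    // but once narrowed to a byte it is the value -1.
    static final byte[] SAMPLE = {0x41, (byte) 0xFF, 0x42};

    // Noncompliant (the pattern the rule warns about): narrows to byte before
    // the end-of-stream check. (byte) 0xFF is -1, which sign-extends to int -1
    // when compared, so the loop stops on the second byte of SAMPLE instead of
    // at the end of the stream.
    static int countBytesNoncompliant(InputStream in) throws IOException {
        int count = 0;
        byte data;
        while ((data = (byte) in.read()) != -1) {
            count++;
        }
        return count;
    }

    // Compliant: keep the int, test it against -1, and only then narrow.
    // At that point inbuff is known to be in 0..255, so the cast discards
    // nothing the caller cannot recover with (data & 0xFF). All three bytes
    // of SAMPLE are counted.
    static int countBytesCompliant(InputStream in) throws IOException {
        int count = 0;
        int inbuff;
        while ((inbuff = in.read()) != -1) {
            byte data = (byte) inbuff;
            count++;
        }
        return count;
    }

    // The Reader.read() variant fails the other way round: char is unsigned,
    // so (char) -1 is '\uFFFF', which promotes to int 65535 and never equals
    // -1. A loop written as while ((c = (char) reader.read()) != -1) therefore
    // never detects end of stream at all. This helper evaluates the comparison
    // such a loop relies on.
    static boolean charCastDetectsEndOfStream() {
        char c = (char) -1;
        return c == -1;
    }

    public static void main(String[] args) throws IOException {
        System.out.println("noncompliant byte count: "
                + countBytesNoncompliant(new ByteArrayInputStream(SAMPLE)));
        System.out.println("compliant byte count:    "
                + countBytesCompliant(new ByteArrayInputStream(SAMPLE)));
        System.out.println("(char) -1 == -1 ?        "
                + charCastDetectsEndOfStream());
    }
}
```

The two byte counters differ only in where the cast sits; moving it after the -1 check is the whole fix. The char case is worth remembering because it does not fail loudly: instead of truncating input early, a loop that narrows Reader.read() to char before the check simply never terminates on end of stream.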
...
Historically, using a narrow type to capture the return value of a byte input method has resulted in significant vulnerabilities, including command injection attacks; see the CA-1996-22 advisory. Consequently, the severity of this error is high.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO08-J | high | probable | medium | P12 | L1 |
Automated Detection
Some static analysis tools can detect violations of this rule. FindBugs version 1.3.9 detects them with the INT: Bad comparison of nonnegative value with negative constant detector.
Related Guidelines
FIO34-C. Use int to capture the return value of character IO functions
FIO34-CPP. Use int to capture the return value of character IO functions
...
[API 2006] Class
[JLS 2005] §4.2, "Primitive Types and Values", http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2
[Pugh 2008] "Waiting for the End"
...