...
This compliant solution requires that the values read are 32-bit unsigned integers. It reads an unsigned integer value using the readInt() method. The readInt() method assumes signed values and returns a signed int; the return value is converted to a long with sign extension. The code uses an & operation to mask off the upper 32 bits of the long, producing a value in the range of a 32-bit unsigned integer, as intended. The mask size should be chosen to match the size of the unsigned integer values being read.
```java
import java.io.DataInputStream;
import java.io.IOException;

public static long getInteger(DataInputStream is) throws IOException {
  return is.readInt() & 0xFFFFFFFFL; // Mask with 32 one-bits
}
```
As a general principle, you should always be aware of the signedness of the data you are reading.
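The following is an added example, not part of the original rule text: it reads the same constructed four bytes with and without the mask, shows that a mask written without the L suffix has no effect, and applies the same masking idea to 8-bit and 16-bit fields. The class name, the readU8/readU16/readU32 helper names, the sample bytes and the limit value are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;

public class UnsignedReadDemo {
    // The mask width matches the field width: 8, 16 and 32 one-bits.
    static int readU8(DataInputStream is) throws IOException {
        return is.readByte() & 0xFF;
    }

    static int readU16(DataInputStream is) throws IOException {
        return is.readShort() & 0xFFFF;
    }

    static long readU32(DataInputStream is) throws IOException {
        return is.readInt() & 0xFFFFFFFFL;
    }

    // Constructed input: the four bytes FF FF FF 9C, rebuilt for every read.
    static DataInputStream sample() {
        byte[] wire = {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x9C};
        return new DataInputStream(new ByteArrayInputStream(wire));
    }

    public static void main(String[] args) throws IOException {
        // Unmasked: the int is sign-extended to long and comes out negative.
        long unmasked = sample().readInt();
        // Mask without the L suffix: int & int, so the mask is -1 and changes nothing.
        long intMask = sample().readInt() & 0xFFFFFFFF;
        // Mask with the L suffix: the upper 32 bits of the long are cleared.
        long masked = readU32(sample());

        System.out.println("unmasked readInt : " + unmasked);
        System.out.println("int-typed mask   : " + intMask);
        System.out.println("long mask        : " + masked);
        // Integer.toUnsignedLong (Java 8 and later) performs the same conversion.
        System.out.println("toUnsignedLong   : " + Integer.toUnsignedLong(sample().readInt()));
        System.out.println("u8 / u16         : " + readU8(sample()) + " / " + readU16(sample()));

        // A bound check against the signed value accepts a field that is
        // far larger than the limit once it is interpreted as unsigned.
        long limit = 1024; // constructed limit
        System.out.println("signed value within limit  : " + (unmasked <= limit));
        System.out.println("unsigned value within limit: " + (masked <= limit));
    }
}
```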
...
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| NUM03-J | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Automated detection is infeasible in the general case.
...