...
When defensive copying is necessary, make the defensive copies before parameter validation, and validate the copies rather than the original parameters. See guideline rule SER07-J. Make defensive copies of private mutable components for additional information.
...
Search for vulnerabilities resulting from the violation of this guideline rule on the CERT website.
Bibliography
...