SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 85

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 86

changes.mady.by.user Shannon Haas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Allowing checked exceptions to escape a finally block also violates rule ERR04-J. Do not exit abruptly from a finally block.

...

This noncompliant code example contains a finally block that closes the reader object. The programmer incorrectly assumes that the statements in the finally block cannot throw exceptions , and consequently fails to appropriately handle any exception that may arise.

Code Block
bgColor#FFCCCC
public class Operation {
  public static void doOperation(String some_file) {
    // ... code to check or set character encoding ...
    try {
      BufferedReader reader =
          new BufferedReader(new FileReader(some_file));
      try {
        // Do operations 
      } finally {
        reader.close();
        // ... Other clean-upcleanup code ...
      }
    } catch (IOException x) {
      // Forward to handler
    }
  }
}

The close() method can throw an IOException, which, if thrown, would prevent execution of any subsequent clean-up cleanup statements. The compiler correctly fails to diagnose this problem because any IOException would be caught by the outer catch block. Also, an exception thrown from the close() operation can also mask any exception that gets thrown during execution of the "Do operations" block, preventing proper recovery.

...

Code Block
bgColor#ccccff
public class Operation {
  public static void doOperation(String some_file) {
    // ... code to check or set character encoding ...
    try {
      BufferedReader reader =
          new BufferedReader(new FileReader(some_file));
      try {
        // Do operations 
      } finally {
        try {
          reader.close();
        } catch (IOException ie) {
          // Forward to handler
        }
        // ... Other clean-up code ...
      }
    } catch (IOException x) {
      // Forward to handler
    }
  }
}

...

Code Block
bgColor#ccccff
public class Operation {
  public static void doOperation(String some_file) {
    // ... code to check or set character encoding ...
    try (
      BufferedReader reader =
          new BufferedReader(new FileReader(some_file))) {
      // Do operations
    } catch (IOException ex) {
      System.err.println("thrown exception: " + ex.toString());
      Throwable[] suppressed = ex.getSuppressed();
      for (int i = 0; i < suppressed.length; i++) {
        System.err.println("suppressed exception: " 
            + suppressed[i].toString());
      }
      // Forward to handler
    }
  }

  public static void main(String[] args) {
    if (args.length < 1) {
      System.out.println("Please supply a path as an argument");
      return;
    }
    doOperation(args[0]);
  }
}

When an IOException occurs in the try block of the doOperation() method, it is caught by the catch block and printed as the thrown exception. This includes both any exceptions while doing operations and also any exceptions incurred while creating the BufferedReader. When an IOException occurs while closing the reader, that exception is also caught by the catch block and printed as the thrown exception. When both the try block and also closing the reader throw an IOException, the catch clause catches both exceptions and prints the try- block exception as the thrown exception. The close exception is suppressed and printed as the suppressed exception. In all cases the reader is safely closed.

...

Related Guidelines

MITRE CWE

CWE-460, ". Improper Cleanup on Thrown Exception" cleanup on thrown exception

 

CWE-584, "Return Inside Finally Block" . Return inside finally block

 

CWE-248, ". Uncaught Exception" exception

 

CWE-705, "Incorrect Control Flow Scoping" . Incorrect control flow scoping

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="16af482fa3984494-08335cdd-482149f4-bfaa8e54-c1164b8a8534dac110d54f32"><ac:plain-text-body><![CDATA[

[[Bloch 2005

AA. Bibliography#Bloch 05]]

Puzzle 41: . Field and Stream

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="45848721ab56ed1e-4ad44ca0-45c14730-a154baa6-63a3c18d0968e675ba5b8f0b"><ac:plain-text-body><![CDATA[

[[Chess 2007

AA. Bibliography#Chess 07]]

8.3, Preventing Resource Leaks (Java)

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="97960327c187f25e-1fc5a9eb-4d0b4388-bc8383ba-87d65a343232c644476d3e85"><ac:plain-text-body><![CDATA[

[[Harold 1999

AA. Bibliography#Harold 99]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3809a834d6ab4be5-f16991ae-47cb47de-9d5e85ed-2547540b14631302eb59c589"><ac:plain-text-body><![CDATA[

[[J2SE 2011

AA. Bibliography#J2SE 11]]

The try-with-resources Statement

]]></ac:plain-text-body></ac:structured-macro>

...