...
This noncompliant code example creates multiple BufferedInputStreams on System.in, because each time getChar() is called it makes a new BufferedInputStream. Note that it does not matter that the old BufferedInputStream will have "expired" by the time the new one is created. Note that while this code uses a BufferedInputStream to illustrate that any buffered wrapper is unsafe, it is also exploitable if a Scanner is used instead.
...