Versions Compared

Comment: done

...

The read methods (readByte, readShort, readInt, readLong, readFloat and readDouble) and the corresponding write methods defined by class java.io.DataInputStream operate only on big-endian data. Use of these methods while interoperating with traditional languages, such as C or C++, is insecure because such languages lack any guarantees about endianness. This noncompliant code example shows such a discrepancy.

...

An alternative compliant solution is to define read and write methods that support the necessary byte-swapping while reading from or writing to the file. In this example, the readLittleEndianInteger() method reads four bytes into a byte buffer and then pieces together the integer in the correct order. The writeLittleEndianInteger() method obtains bytes by repeatedly casting the integer so that the least significant byte is extracted on successive right shifts. Long values can be handled by defining a byte buffer of size eight.
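The following is an added example, not code from the original page: it contrasts DataInputStream.readInt() with a manual little-endian read on the same four bytes, and cross-checks the result against ByteBuffer.order() and Integer.reverseBytes(). The class name, the method signatures and the sample bytes are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.Arrays;

public class LittleEndianDemo {
    // Hypothetical helper following the description above: read four bytes,
    // then assemble them with the first byte as the least significant.
    static int readLittleEndianInteger(InputStream in) throws IOException {
        byte[] buf = new byte[4];
        // readFully() throws EOFException on a short read instead of
        // silently returning a partially filled buffer.
        new DataInputStream(in).readFully(buf);
        // Mask with 0xff: Java bytes are signed, and sign extension would
        // otherwise corrupt the higher-order bits.
        return (buf[3] & 0xff) << 24 | (buf[2] & 0xff) << 16
             | (buf[1] & 0xff) << 8  | (buf[0] & 0xff);
    }

    // Hypothetical helper: the narrowing cast keeps the low byte after each
    // successive right shift, so the least significant byte comes first.
    static byte[] writeLittleEndianInteger(int value) {
        byte[] buf = new byte[4];
        for (int i = 0; i < 4; i++) buf[i] = (byte) (value >>> (8 * i));
        return buf;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: the value 128 as a little-endian C program
        // would write a 32-bit int.
        byte[] fromC = {(byte) 0x80, 0x00, 0x00, 0x00};

        int naive = new DataInputStream(new ByteArrayInputStream(fromC)).readInt();
        int manual = readLittleEndianInteger(new ByteArrayInputStream(fromC));
        int viaBuffer = ByteBuffer.wrap(fromC).order(ByteOrder.LITTLE_ENDIAN).getInt();
        int viaSwap = Integer.reverseBytes(naive);

        System.out.println("DataInputStream.readInt:  " + naive);
        System.out.println("readLittleEndianInteger:  " + manual);
        System.out.println("ByteBuffer LITTLE_ENDIAN: " + viaBuffer);
        System.out.println("Integer.reverseBytes:     " + viaSwap);
        System.out.println("round trip matches input: "
                + Arrays.equals(writeLittleEndianInteger(manual), fromC));
    }
}
```

The sample bytes are chosen so that the big-endian read gets both the sign and the magnitude wrong, while the three little-endian reads agree with each other.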

...

Reading and writing data without considering endianness can lead to serious misinterpretations of both the magnitude and sign of the data.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO12-J | low | unlikely | low | P3 | L3 |

...

[API 2006] Class ByteBuffer (http://download.oracle.com/javase/6/docs/api/java/nio/ByteBuffer.html): methods wrap and order. Class Integer (http://download.oracle.com/javase/6/docs/api/java/lang/Integer.html): method reverseBytes

[Cohen 1981] "On Holy Wars and a Plea for Peace"

[Harold 1997] Chapter 2: "Primitive Data Types, Cross Platform issues"

...