SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 50

changes.mady.by.user Tracey Tamules

Saved on

compared with

New Version Current

changes.mady.by.user Valery

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The only unsigned primitive integer type in Java is the 16-bit char data type; all of the other primitive integer types are signed. To interoperate with native languages, such as C or C++, that use unsigned types extensively, read any unsigned values into the next larger Java signed primitive integer typemust be read and stored into a Java integer type that can fully represent the possible range of the unsigned data. For example, use a long to hold an the Java long type can be used to represent all possible unsigned 32-bit integer value values obtained from native code.

Noncompliant Code Example

This noncompliant code example uses a generic method for reading in integer data without considering the signedness of the source. It assumes that the values data read are is always signed and treats the most significant bit as the sign bit. When the data being read is unsigned, this causes misinterpretations of the actual sign and magnitude of the valuevalues may be misinterpreted.

Code Block
bgColor#FFcccc

public static int getInteger(DataInputStream is) throws IOException {
  return is.readInt();	
}

Compliant Solution

This compliant solution assumes requires that the values being read are 32-bit unsigned integers. It reads an unsigned integer value into a long variable using the readInt() method. The readInt() method assumes signed values and returns a signed Java int; the return value is converted to a long with sign extension. The code uses an & operation to mask off the upper 32 - bits of the long; this produces , producing a value in the range of a 32-bit unsigned integer, as intended. The mask size should be chosen to match the size of the unsigned integer values being read.

Code Block
bgColor#ccccff

public static long getInteger(DataInputStream is) throws IOException {
  return is.readInt() & 0xFFFFFFFFL; // maskMask with 32 one-bits
}

As a general ruleprinciple, you must should always be aware of the signedness of the data you are reading.

Risk Assessment

Treating unsigned data as though it were signed will produce produces incorrect values and can lead to lost or misinterpreted data.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

NUM06

NUM03-J

low

Low

unlikely

Unlikely

medium

Medium

P2

L3

Automated Detection

Automated detection is infeasible in the general case.

Bibliography

...

[

[API 2006

AA. Bibliography#API 06]

]

Class DataInputStream: method readInt

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ee96e324-d069-4321-bbd9-61b96e317e44"><ac:plain-text-body><![CDATA[

[

[Harold 1997

AA. Bibliography#Harold 97]

]

Chapter 2

:

, "Primitive Data Types, Cross-Platform Issues, Unsigned Integers

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="40a5993e-18b6-460f-929f-e3e89024dc14

"

><ac:plain-text-body><![CDATA[

[

[

Hitchens 2002

AA. Bibliography#Hitchens 02

]

]

Section 2.4.5, "Accessing Unsigned Data"

]]></ac:plain-text-body></ac:structured-macro>

[Seacord 2015]
Image result for video iconImage Added NUM03-J. Use integer types that can fully represent the possible range of unsigned data LiveLesson


...

Image Added Image Added Image AddedNUM02-J. Use shift operators correctly      03. Numeric Types and Operations (NUM)      NUM07-J. Avoid using floating-point numbers when precise computation is required