...
The general contract for the write() method says that it writes one byte to the output stream. The byte to be written constitutes the eight lower-order bits of the argument b, passed to the write() method; the 24 high-order bits of b are ignored (see [API 2006] see java.io.OutputStream.write() [API 2014] for more information).
Noncompliant Code Example
...
This compliant solution uses the writeInt() method of the DataOutputStream class, which can output the entire range of values representable as an int.:
| Code Block | ||
|---|---|---|
| ||
class FileWrite {
public static void main(String[] args)
throws NumberFormatException, IOException {
DataOutputStream dos = new DataOutputStream(System.out);
dos.writeInt(Integer.valueOf(args[0].toString()));
System.out.flush();
}
}
|
...
Using the write() method to output integers outside the range 0 to 255 will result in truncation.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO09-J |
Low |
Unlikely |
Medium | P2 | L3 |
Automated Detection
Automated detection of all uses of the write() method is straightforward. Sound determination of whether the truncating behavior is correct is not feasible in the general case. Heuristic checks could be useful.
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| JAVA.NULL.RET.UNCHECKED | Call Might Return Null (Java) | ||||||
| Coverity | 7.5 | CHECKED_RETURN | Implemented | ||||||
| Parasoft Jtest |
| CERT.FIO09.ARGWRITE | Do not rely on the write() method to output integers outside the range 0 to 255 |
Related Guidelines
Bibliography
...