Uploaded image for project: 'Rules Repository'
  1. Rules Repository
  2. RSPEC-2792

"free" should be called on blobs and clobs

    XMLWordPrintable

    Details

    • Message:
      Hide
      * Add a "xxx.free()" call.
      * Free the "xxx" retrieved on this line.
      Show
      * Add a "xxx.free()" call. * Free the "xxx" retrieved on this line.
    • Default Severity:
      Blocker
    • Impact:
      High
    • Likelihood:
      High
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      Java
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • Implementation details:

      Description

      According to the JDBC specification:

      Blob, Clob, and NClob Java objects remain valid for at least the duration of the transaction in which they are created. This could potentially result in an application running out of resources during a long running transaction.

      Noncompliant Code Example

      PreparedStatement ps = conn.prepareStatement("SELECT text, img from photos where author=?");
      ps.setString(1,author);
      ResultSet rs = ps.executeQuery();
      while (rs.next()) {
        Image image = saveImg(rs.getBlob("img").getBinaryStream());  // Noncompliant; blob is never freed
        image.addCaption(rs.getClob("text").getCharacterStream());  // Noncompliant
      }
      

      Compliant Solution

      PreparedStatement ps = conn.prepareStatement("SELECT text, img from photos where author=?");
      ps.setString(1,author);
      ResultSet rs = ps.executeQuery();
      while (rs.next()) {
        Blob blob = rs.getBlob("img");
        Image image = saveImg(blob.getBinaryStream());
        blob.free();
      
        Clob clob = rs.getClob("text");
        image.addCaption(clob.getCharacterStream());
        clob.free();
      }
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            ann.campbell.2 Ann Campbell
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: