(THIS CODING RULE OR GUIDELINE IS UNDER CONSTRUCTION)

Before Android version 4.0, "Ice Cream Sandwich", native code used direct pointers to Java objects. Ice Cream Sandwich introduced indirect handles instead, to facilitate the introduction of a compacting garbage collector in the future. Such a collector moves objects in memory, so a direct pointer to an object may no longer be valid after the collector has run. For more information, see [Verify], section "Preventing JNI Issues", and [Hughes 2011].
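The effect described above can be shown with a small model in C. This is an added example, not code from this guideline or from the Android runtime; the heap, the handle table and every function name in it are hypothetical and constructed for illustration.

```c
#include <stdio.h>

/* Toy model, constructed for illustration; not Android runtime code. */
#define SLOTS 4
typedef struct { int live; int value; } Obj;
static Obj  heap[SLOTS];          /* storage the collector may rearrange */
static Obj *handle_table[SLOTS];  /* indirect handle -> current address  */
static int  next_handle;

/* Place an object in a heap slot and hand back an indirect handle. */
static int new_object(int slot, int value) {
    heap[slot] = (Obj){1, value};
    handle_table[next_handle] = &heap[slot];
    return next_handle++;
}

static void free_object(int h) { handle_table[h]->live = 0; handle_table[h] = NULL; }

/* Slide live objects to the front; only the handle table is fixed up. */
static void compact(void) {
    int dst = 0;
    for (int src = 0; src < SLOTS; src++) {
        if (!heap[src].live) continue;
        if (src != dst) {
            heap[dst] = heap[src];
            heap[src] = (Obj){0, 0};
            for (int h = 0; h < next_handle; h++)
                if (handle_table[h] == &heap[src]) handle_table[h] = &heap[dst];
        }
        dst++;
    }
}

/* Read one object through a cached address and through its handle. */
void demo(int *via_direct, int *via_handle) {
    next_handle = 0;
    int a = new_object(0, 7);
    int b = new_object(1, 42);
    Obj *direct = handle_table[b];        /* raw address cached before GC */
    free_object(a);
    compact();                            /* object b moves to slot 0     */
    *via_direct = direct->value;          /* stale: slot 1 was vacated    */
    *via_handle = handle_table[b]->value; /* handle still resolves to 42  */
}

int main(void) {
    int d, h;
    demo(&d, &h);
    printf("direct=%d handle=%d\n", d, h);
}
```

In the model the stale read returns a cleared slot; in a real runtime the old address could hold unrelated data or be unmapped.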

Noncompliant Code Example

This noncompliant code example uses a direct pointer to a Java object, with erroneous results.

 

 

Compliant Solution

In this compliant solution ...

 

Risk Assessment

If a direct pointer to a Java object is used in Android versions after version 4.0 "Ice Cream Sandwich", erroneous results may be obtained that could lead to the app crashing. This, in turn, could be used to mount a denial-of-service attack.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
| --- | --- | --- | --- | --- | --- |
| JNI02-J | Low | Probable | Low | P6 | L2 |

Automated Detection

Direct pointers to Java objects can be detected and replaced by indirect handles automatically.

Bibliography
