Status: Draft
Weakness ID: 580 (Weakness Variant)

Description Summary

The software contains a clone() method that fails to call super.clone() to obtain the new object.

Potential Mitigations

Call super.clone() within your clone() method, when obtaining a new object.

Demonstrative Examples

The following two classes demonstrate a bug introduced by failing to call super.clone(). Because of the way Kibitzer implements clone(), FancyKibitzer's clone method will return an object of type Kibitzer instead of FancyKibitzer.

Java Example:

    public class Kibitzer {
        public Object clone() throws CloneNotSupportedException {
            // Bug: constructs the object directly instead of calling super.clone()
            Object returnMe = new Kibitzer();
            ...
        }
    }

    public class FancyKibitzer extends Kibitzer {
        public Object clone() throws CloneNotSupportedException {
            // Receives a Kibitzer, not a FancyKibitzer, from the parent's clone()
            Object returnMe = super.clone();
            ...
        }
    }
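The runtime effect of the bug above, next to a corrected hierarchy, as an added example that is not part of the original entry. FixedKibitzer, FixedFancyKibitzer, the flair field and CloneDemo are hypothetical names introduced for illustration, and Cloneable is implemented so that Object.clone() succeeds.

```java
// Added example: runtime effect of a clone() that skips super.clone(), and the fix.
// FixedKibitzer, FixedFancyKibitzer, the "flair" field and CloneDemo are
// hypothetical names; Kibitzer and FancyKibitzer follow the entry's example.
class Kibitzer implements Cloneable {
    @Override
    public Object clone() throws CloneNotSupportedException {
        return new Kibitzer();            // bug: bypasses super.clone()
    }
}

class FancyKibitzer extends Kibitzer {
    String flair = "default";
    @Override
    public Object clone() throws CloneNotSupportedException {
        return super.clone();             // receives a plain Kibitzer; flair is lost
    }
}

class FixedKibitzer implements Cloneable {
    @Override
    public Object clone() throws CloneNotSupportedException {
        return super.clone();             // Object.clone() keeps the runtime class
    }
}

class FixedFancyKibitzer extends FixedKibitzer {
    String flair = "default";
    @Override
    public FixedFancyKibitzer clone() throws CloneNotSupportedException {
        return (FixedFancyKibitzer) super.clone();   // cast is safe: type is preserved
    }
}

public class CloneDemo {
    public static void main(String[] args) throws CloneNotSupportedException {
        FancyKibitzer broken = new FancyKibitzer();
        broken.flair = "sparkles";
        Object copy = broken.clone();
        // A caller that casts this copy to FancyKibitzer gets a ClassCastException.
        System.out.println("broken copy class: " + copy.getClass().getSimpleName());
        System.out.println("is FancyKibitzer: " + (copy instanceof FancyKibitzer));

        FixedFancyKibitzer ok = new FixedFancyKibitzer();
        ok.flair = "sparkles";
        FixedFancyKibitzer okCopy = ok.clone();
        System.out.println("fixed copy class: " + okCopy.getClass().getSimpleName());
        System.out.println("flair copied: " + okCopy.flair);
    }
}
```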
Other Notes

All implementations of clone() should obtain the new object by calling super.clone(). If a class fails to follow this convention, a subclass's clone() method will return an object of the wrong type. It is also a good idea to declare your clone method as final. You may not want users inheriting your class to tamper with the clone method. In some cases, you can eliminate the clone method altogether and use copy constructors.
Applicable Platforms

Languages: Java

Time of Introduction

Implementation

Content History

Modifications:
Eric Dalci. Cigital. 2008-07-01. (External) updated Potential_Mitigations, Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Relationships, Other_Notes

Previous Entry Names:
Erroneous Clone Method (changed 2008-04-11)