Skip to content

Commit

Permalink
Add empty finalizers to non-final classes that throw exceptions
Browse files Browse the repository at this point in the history 
A new Spotbugs error indicated that nefarious subclasses may leave the
superclass in a half-initialized state through a "finalizer attack".

While no exploit is known, fixing this is the right thing to do.

Moreover, empty finalizers may even be a performance optimization; see
https://stuartmarks.wordpress.com/2022/04/27/why-write-an-empty-finalize-method/
  • Loading branch information
@kohlschuetter
kohlschuetter committed Nov 10, 2023
1 parent 3d74daa commit 63f9f25
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions kohlschutter-test-util/src/main/java/com/kohlschutter/testutil/OutputBridge.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,12 @@ private OutputBridge(Process process, ProcessStream output, byte[] prefix) {
}
}

@SuppressWarnings({"NoFinalizer" /* checkstyle */, "PMD.EmptyFinalizer"})
@Deprecated
@Override
protected final void finalize() {
}

@Override
public final void run() {
bos = new ByteArrayOutputStream();
Expand Down

0 comments on commit 63f9f25

Please sign in to comment.