This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Poor Style: Explicit call to finalize()"
Weilin Zhong (talk | contribs) |
Weilin Zhong (talk | contribs) |
||
Line 24: | Line 24: | ||
==Related Attacks== | ==Related Attacks== | ||
− | |||
− | |||
==Related Vulnerabilities== | ==Related Vulnerabilities== | ||
Line 33: | Line 31: | ||
==Categories== | ==Categories== | ||
[[Category:Use of Dangerous API]] | [[Category:Use of Dangerous API]] | ||
+ | [[Category:API Abuse]] | ||
[[Category:Java]] | [[Category:Java]] | ||
[[Category:Implementation]] | [[Category:Implementation]] | ||
[[Category:Code Snippet]] | [[Category:Code Snippet]] |
Revision as of 18:50, 18 July 2006
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Abstract
The finalize() method should only be called by the JVM after the object has been garbage collected.
Description
While the Java Language Specification allows an object's finalize() method to be called from outside the finalizer, doing so is usually a bad idea. For example, calling finalize() explicitly means that finalize() will be called more than once: the first time will be the explicit call and the last time will be the call that is made after the object is garbage collected.
Examples
The following code fragment calls finalize() explicitly:
// time to clean up widget.finalize();