This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Code Correctness: Erroneous finalize() Method

Revision as of 12:58, 18 July 2006 by Weilin Zhong (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
This article includes content generously donated to OWASP by MicroFocus Logo.png

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


This finalize() method does not call super.finalize().


The Java Language Specification states that it is a good practice for a finalize() method to call super.finalize()[1].


The following method omits the call to super.finalize().

protected void finalize() { discardNative(); }


[1] J. Gosling, B. Joy, G. Steele, G. Bracha. The Java Language Specification, Second Edition. Addison-Wesley, 2000.