CWE-228: Improper Handling of Syntactically Invalid Structure

Description

The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.

Submission Date: July 19, 2006, midnight

Modification Date: 2023-06-29 00:00:00+00:00

Organization: MITRE

Example Vulnerable Code

Example - 1

This Android application has registered to handle a URL when sent an intent:


// ...
IntentFilter filter = new IntentFilter("com.example.URLHandler.openURL");
MyReceiver receiver = new MyReceiver();
registerReceiver(receiver, filter);
// ...

public class UrlHandlerReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(Context context, Intent intent) {
        if ("com.example.URLHandler.openURL".equals(intent.getAction())) {
            // getStringExtra() returns null when the "URLToOpen" extra is absent
            String URL = intent.getStringExtra("URLToOpen");
            int length = URL.length();
            // ...
        }
    }
}

The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called.
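One way to handle the missing or malformed extra, shown as an added example that is not part of the original CWE entry. It is plain Java so it runs without the Android SDK; the class name `UrlExtraCheck`, the helper `parseUrlExtra`, the scheme allow-list and the length limit are assumptions made for illustration. In `onReceive()` the receiver would pass `intent.getStringExtra("URLToOpen")` to the helper and return early when the result is empty.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Optional;

public class UrlExtraCheck {
    // Assumption: the handler should only open web URLs of bounded length.
    private static final List<String> ALLOWED_SCHEMES = Arrays.asList("http", "https");
    private static final int MAX_LENGTH = 2048;

    /**
     * Validates the value returned by intent.getStringExtra("URLToOpen").
     * Returns an empty Optional for a missing or malformed value and never throws.
     */
    static Optional<URI> parseUrlExtra(String raw) {
        if (raw == null) {
            // Extra absent: the case that crashes the original receiver.
            return Optional.empty();
        }
        String trimmed = raw.trim();
        if (trimmed.isEmpty() || trimmed.length() > MAX_LENGTH) {
            return Optional.empty();
        }
        final URI uri;
        try {
            uri = new URI(trimmed); // rejects syntactically invalid input
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        String scheme = uri.getScheme();
        if (scheme == null || uri.getHost() == null
                || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
            return Optional.empty();
        }
        return Optional.of(uri);
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for what a sender might put in the extra.
        String[] samples = { null, "", "ht tp://bad url", "mailto:user@example.com",
                             "https://", "https://example.com/path?q=1" };
        for (String s : samples) {
            System.out.println(s + " -> "
                    + parseUrlExtra(s).map(URI::toString).orElse("rejected"));
        }
    }
}
```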

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships give an overview of similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.