CWE-580: clone() Method Without super.clone()

Description

The product contains a clone() method that does not call super.clone() to obtain the new object.

Submission Date :

Dec. 15, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Extended Description

All implementations of clone() should obtain the new object by calling super.clone(). If a class does not follow this convention, a subclass's clone() method will return an object of the wrong type.

Example Vulnerable Codes

Example - 1

The following two classes demonstrate a bug introduced by not calling super.clone(). Because of the way Kibitzer implements clone(), FancyKibitzer's clone method will return an object of type Kibitzer instead of FancyKibitzer.


Object returnMe = new Kibitzer();...public Object clone() throws CloneNotSupportedException {}

Object returnMe = super.clone();...public Object clone() throws CloneNotSupportedException {}public class Kibitzer {}public class FancyKibitzer extends Kibitzer{}

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-573: Improper Following of Specification by Caller

Go to

CWE-664: Improper Control of a Resource Through its Lifetime

Go to

Visit http://cwe.mitre.org/ for more details.