CWE-586: Explicit Call to Finalize()

Description

The product makes an explicit call to the finalize() method from outside the finalizer.

Submission Date :

Dec. 15, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Extended Description

While the Java Language Specification allows an object's finalize() method to be called from outside the finalizer, doing so is usually a bad idea. For example, calling finalize() explicitly means that finalize() will be called more than once: the first time will be the explicit call and the last time will be the call that is made after the object is garbage collected.

Example Vulnerable Codes

Example - 1

The following code fragment calls finalize() explicitly:


// // time to clean up// 
widget.finalize();

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-675: Multiple Operations on Resource in Single-Operation Context

Go to

CWE-1076: Insufficient Adherence to Expected Conventions

Go to

Visit http://cwe.mitre.org/ for more details.