clone() Method Without super.clone()
Weakness ID: 580 (Weakness Variant) | Status: Draft
Description Summary
The software contains a clone() method that fails to call super.clone() to obtain the new object.
Extended Description
All implementations of clone() should obtain the new object by calling super.clone(). If a class fails to follow this convention, a subclass's clone() method will return an object of the wrong type.
Example 1
The following two classes demonstrate a bug introduced by failing to call super.clone(). Because of the way Kibitzer implements clone(), FancyKibitzer's clone method will return an object of type Kibitzer instead of FancyKibitzer.
(Bad Code)
Example Language: Java
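public class Kibitzer {
    public Object clone() throws CloneNotSupportedException {
        // Bug: the copy is allocated with `new` instead of super.clone(),
        // so its runtime type is always Kibitzer.
        Object returnMe = new Kibitzer();
        // ...
        return returnMe;
    }
}
public class FancyKibitzer extends Kibitzer {
    public Object clone() throws CloneNotSupportedException {
        // Follows the convention, but inherits the parent's bug:
        // super.clone() returns a Kibitzer, not a FancyKibitzer.
        Object returnMe = super.clone();
        // ...
        return returnMe;
    }
}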
Potential Mitigations
Phase: Implementation. Call super.clone() within your clone() method, when obtaining a new object.
Phase: Implementation. In some cases, you can eliminate the clone method altogether and use copy constructors.
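The first mitigation applied to Example 1, shown next to the broken pattern so the difference in runtime type is observable. This is an added example, not part of the CWE entry; CloneDemo, BadKibitzer, BadFancyKibitzer and the flair field are hypothetical names introduced for illustration.

```java
public class CloneDemo {
    // Broken base class (pattern from Example 1): allocates the copy with `new`.
    static class BadKibitzer implements Cloneable {
        @Override
        public Object clone() throws CloneNotSupportedException {
            return new BadKibitzer(); // runtime type is fixed to BadKibitzer
        }
    }

    static class BadFancyKibitzer extends BadKibitzer {
        int flair = 7; // hypothetical subclass state
        @Override
        public Object clone() throws CloneNotSupportedException {
            return super.clone(); // receives a BadKibitzer; flair is not carried over
        }
    }

    // Fixed base class: Object.clone() allocates an instance of the receiver's
    // runtime class and copies its fields, so subclasses get the right type.
    static class Kibitzer implements Cloneable {
        @Override
        public Kibitzer clone() throws CloneNotSupportedException {
            return (Kibitzer) super.clone();
        }
    }

    static class FancyKibitzer extends Kibitzer {
        int flair = 7; // hypothetical subclass state
        @Override
        public FancyKibitzer clone() throws CloneNotSupportedException {
            return (FancyKibitzer) super.clone(); // safe: runtime type is preserved
        }
    }

    public static void main(String[] args) throws CloneNotSupportedException {
        Object bad = new BadFancyKibitzer().clone();
        System.out.println("broken clone type: " + bad.getClass().getSimpleName());
        try {
            // A caller that trusts the clone contract and casts fails at runtime.
            BadFancyKibitzer cast = (BadFancyKibitzer) bad;
            System.out.println("cast succeeded, flair=" + cast.flair);
        } catch (ClassCastException e) {
            System.out.println("cast failed: clone is not a BadFancyKibitzer");
        }
        FancyKibitzer src = new FancyKibitzer();
        src.flair = 42;
        FancyKibitzer good = src.clone();
        System.out.println("fixed clone type: " + good.getClass().getSimpleName()
                + ", flair=" + good.flair);
    }
}
```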
Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Class | 485 | Insufficient Encapsulation | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ChildOf | Weakness Class | 573 | Failure to Follow Specification | Development Concepts 699; Research Concepts 1000 |
Modifications
Modification Date | Modifier | Organization | Source | Changes |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Potential Mitigations, Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Other Notes |
2009-07-27 | CWE Content Team | MITRE | Internal | updated Description, Other Notes, Potential Mitigations |
Previous Entry Names
Change Date | Previous Entry Name |
---|---|
2008-04-11 | Erroneous Clone Method |