JAVA.INF.LOOP.EMPTY

Do not use an empty infinite loop

Vulnerability and risk

Empty infinite loops can affect performance without performing any operations.

Mitigation and prevention

Do not have an empty while true loop, either add a line to the loop, or don't use while true.

Implement a process within the infinite loop to explicitly handle the required outcome. Whether introducing a wait() call or releasing the thread in threaded applications.

Vulnerable code example

Copy

1
2
3
4
5
6
7
8
9
10
package com.klocwork;

public class JAVA_INF_LOOP_EMPTY_POSITIVE {
    public static void main(String args[]) {
        System.out.println("hello world");
        while (true) {
            
        }
    }
}

Fixed code example

Copy

1
2
3
4
5
6
7
8
9
package com.klocwork;

public class JAVA_INF_LOOP_EMPTY_NEGATIVE {
    public static void test(String args[]) {
        while (true) {
            System.out.println("hello world");
        }
    }
}

External guidance

CERT MSC01-J: Do not use an empty infinite loop