Insufficient Locking
Weakness ID: 667 (Weakness Base) | Status: Draft
Description Summary
The software does not properly acquire a lock on a resource, leading to unexpected resource state changes and behaviors.
Example 1
The following Java snippet defines methods to get and set a long field in an instance of a class that is shared across multiple threads. Because reads and writes of non-volatile long and double fields are not guaranteed to be atomic in Java, concurrent access may cause unexpected behavior, such as a reader observing a value that combines halves of two different writes. Thus, all operations on long and double fields should be synchronized.
(Bad Code)
Example Language: Java

```java
private long someLongValue;

public long getLongValue() {
    return someLongValue;
}

public void setLongValue(long l) {
    someLongValue = l;
}
```
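
The hardened counterpart of the snippet above, as an added example that is not part of the CWE entry: both accessors hold the same lock, so the reader can only ever see a value that was actually written. The class names, the harness and the two bit patterns are hypothetical and constructed for this illustration.

```java
import java.util.concurrent.atomic.AtomicBoolean;

// Added example: all names here are hypothetical, not from the CWE entry.
public class GuardedLongDemo {
    // Same field and accessors as the (Bad Code) snippet, but every access
    // holds the instance's intrinsic lock.
    static final class GuardedLong {
        private long someLongValue;

        public synchronized long getLongValue() {
            return someLongValue;
        }

        public synchronized void setLongValue(long l) {
            someLongValue = l;
        }
    }

    // Runs one writer and one reader against the shared object and returns
    // how many reads saw a value that was never written (a torn read).
    static long countTornReads(GuardedLong shared, int iterations) throws InterruptedException {
        final long A = 0L;                  // all 64 bits clear
        final long B = 0xFFFFFFFFFFFFFFFFL; // all 64 bits set
        AtomicBoolean done = new AtomicBoolean(false);

        Thread writer = new Thread(() -> {
            for (int i = 0; i < iterations; i++) {
                shared.setLongValue((i & 1) == 0 ? A : B);
            }
            done.set(true);
        });
        writer.start();

        long torn = 0;
        while (!done.get()) {
            long seen = shared.getLongValue();
            if (seen != A && seen != B) {
                torn++; // half of one write mixed with half of another
            }
        }
        writer.join();
        return torn;
    }

    public static void main(String[] args) throws InterruptedException {
        long torn = countTornReads(new GuardedLong(), 5_000_000);
        System.out.println("torn reads observed: " + torn);
    }
}
```

Declaring the field `volatile` also makes individual reads and writes of a long atomic, but it does not protect compound operations such as read-modify-write, which still need the lock.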

Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 662 | Insufficient Synchronization | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ChildOf | Weakness Class | 664 | Improper Control of a Resource Through its Lifetime | Research Concepts 1000 |
ChildOf | Category | 748 | CERT C Secure Coding Section 50 - POSIX (POS) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734 |
ParentOf | Weakness Base | 412 | Unrestricted Externally Accessible Lock | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 413 | Insufficient Resource Locking | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 414 | Missing Lock Check | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 609 | Double-Checked Locking | Research Concepts 1000 |
ParentOf | Weakness Variant | 764 | Multiple Locks of a Critical Resource | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Variant | 765 | Multiple Unlocks of a Critical Resource | Development Concepts (primary) 699; Research Concepts (primary) 1000 |

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
CERT C Secure Coding | POS31-C | | Do not unlock or destroy another thread's mutex |

Modifications

Modification Date | Modifier | Organization | Source | Change |
---|---|---|---|---|
2008-07-01 | Sean Eidemiller | Cigital | External | added/updated demonstrative examples |
2008-07-01 | Eric Dalci | Cigital | External | updated Potential Mitigations, Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships |
2008-11-24 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy Mappings |
2009-03-10 | CWE Content Team | MITRE | Internal | updated Related Attack Patterns |
2009-05-27 | CWE Content Team | MITRE | Internal | updated Relationships |
2009-07-27 | CWE Content Team | MITRE | Internal | updated Common Consequences |