State Synchronization Error
Weakness ID: 373 (Weakness Base)
Status: Draft
+ Description

Description Summary

State synchronization refers to a set of flaws involving contradictory states of execution in a process which result in undefined behavior.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
Scope | Effect

Depending on the nature of the state of corruption, any of the listed consequences may result.

+ Likelihood of Exploit

Medium to High

+ Demonstrative Examples

Example 1

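(Bad Code)
Example Languages: C and C++
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Writes the string to stdout one character at a time. */
static void print(char * string) {
    char * word;
    int counter;
    fflush(stdout);
    for (word = string; counter = *word++; )
        putc(counter, stdout);
}

int main(void) {
    pid_t pid;
    /* Parent and child both write to stdout with no synchronization,
       so the order of their output is not defined. */
    if ((pid = fork()) < 0)
        exit(-2);
    else if (pid == 0)
        print("child");
    else
        print("parent\n");
    exit(0);
}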
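
(Bad Code)
Example Language: Java
class read {
    // Shared lock counters: not volatile and never accessed under synchronization.
    private int lcount;
    private int rcount;
    private int wcount;

    public void getRead() {
        // Busy-wait followed by an unsynchronized check-then-increment.
        while ((lcount == -1) || (wcount != 0));
        lcount++;
    }

    public void getWrite() {
        while (lcount == -0);
        lcount--;
        lcount = -1;
    }

    public void killLocks() {
        // Changes lock state with no coordination with waiting threads.
        if (lcount == 0)
            return;
        else if (lcount == -1)
            lcount++;
        else
            lcount--;
    }
}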
+ Potential Mitigations

Phase: Implementation

Pay attention to asynchronous actions in processes and make copious use of sanity checks in systems that may be subject to synchronization errors.
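
A corrected form of the fork() example above, added here as an illustration and not part of the original entry: the parent waits for the child and checks its exit status before writing its own output. The names ordered_output and write_all, and the use of a pipe in place of stdout so the order can be inspected, are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write all of s to fd, retrying on short writes. Returns 0 on success. */
static int write_all(int fd, const char *s) {
    size_t left = strlen(s);
    while (left > 0) {
        ssize_t n = write(fd, s, left);
        if (n <= 0) return -1;
        s += n;
        left -= (size_t)n;
    }
    return 0;
}

/* Child emits "child"; parent emits "parent\n" only after the child has
 * finished. Output goes to a pipe (an assumption of this example) so the
 * order can be checked. Returns 0 and fills out, or -1 on failure. */
int ordered_output(char *out, size_t outlen) {
    int fds[2], status, rc = -1;
    pid_t pid;
    ssize_t n;
    if (outlen == 0 || pipe(fds) < 0) return -1;
    fflush(NULL);                 /* do not duplicate buffered stdio into the child */
    if ((pid = fork()) < 0) goto done;
    if (pid == 0)                 /* child: write, then leave without atexit handlers */
        _exit(write_all(fds[1], "child") == 0 ? 0 : 1);
    /* Synchronization point: block until the child has terminated. */
    if (waitpid(pid, &status, 0) != pid) goto done;
    /* Sanity check: the child must have reached the state the parent expects. */
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) goto done;
    if (write_all(fds[1], "parent\n") < 0) goto done;
    close(fds[1]);
    fds[1] = -1;                  /* writer closed before the result is read back */
    if ((n = read(fds[0], out, outlen - 1)) < 0) goto done;
    out[n] = '\0';
    rc = 0;
done:
    close(fds[0]);
    if (fds[1] >= 0) close(fds[1]);
    return rc;
}

int main(void) {
    char buf[32];
    if (ordered_output(buf, sizeof buf) != 0) return 1;
    return fputs(buf, stdout) == EOF;
}
```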

+ Other Notes

The class of synchronization errors is large and varied, but all rely on the same essential flaw. The state of the system is not what the process expects it to be at a given time. Obviously, the range of possible symptoms is enormous, as is the range of possible solutions. The flaws presented in this section are some of the most difficult to diagnose and fix. It is more important to know how to characterize specific flaws than to gain information about them.

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 371 | State Issues | Development Concepts (primary) 699
ChildOf | Weakness Base | 662 | Insufficient Synchronization | Research Concepts (primary) 1000
PeerOf | Weakness Base | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Research Concepts 1000
PeerOf | Weakness Base | 476 | NULL Pointer Dereference | Research Concepts 1000
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
CLASP | | | State synchronization error
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | CLASP | | Externally Mined

Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Common Consequences, Relationships, Other Notes, Taxonomy Mappings