Use of a Non-reentrant Function in an Unsynchronized Context
Weakness ID: 663 (Weakness Base)Status: Draft
+ Description

Description Summary

The software calls a non-reentrant function in a context where a competing thread may have an opportunity to call the same function or otherwise influence its state.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Potential Mitigations

Use reentrant functions if available.

Add synchronization to your non-reentrant function.

In Java, you can use the ReentrantLock Class.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory361Time and State
Development Concepts (primary)699
ChildOfWeakness BaseWeakness Base662Insufficient Synchronization
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant558Use of getlogin() in Multithreaded Application
Research Concepts (primary)1000
+ Related Attack Patterns
CAPEC-IDAttack Pattern Name
(CAPEC Version: 1.4)
29Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
+ References
Java Concurrency API, SUN. "Class ReentrantLock". <>.
Dipak Jha (, Software Engineer, IBM. "Use reentrant functions for safer signal handling". <>.
+ Content History
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated References, Potential Mitigations, Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, References
2009-03-10CWE Content TeamMITREInternal
updated Related Attack Patterns