Use of a Non-reentrant Function in an Unsynchronized Context
Weakness ID: 663 (Weakness Base)Status: Draft
+ Description

Description Summary

The software calls a non-reentrant function in a context where a competing thread may have an opportunity to call the same function or otherwise influence its state.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Potential Mitigations

Use reentrant functions if available.

Add synchronization to your non-reentrant function.

In Java, you can use the ReentrantLock Class.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory361Time and State
Development Concepts (primary)699
ChildOfWeakness BaseWeakness Base662Insufficient Synchronization
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant558Use of getlogin() in Multithreaded Application
Research Concepts (primary)1000
+ Related Attack Patterns
CAPEC-IDAttack Pattern Name
(CAPEC Version: 1.4)
29Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
+ References
Java Concurrency API, SUN. "Class ReentrantLock". <http://java.sun.com/j2se/1.5.0/docs/api/java/util/concurrent/locks/ReentrantLock.html>.
Dipak Jha (dipakjha@in.ibm.com), Software Engineer, IBM. "Use reentrant functions for safer signal handling". <http://www.ibm.com/developerworks/linux/library/l-reent.html>.
+ Content History
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated References, Potential Mitigations, Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, References
2009-03-10CWE Content TeamMITREInternal
updated Related Attack Patterns
Back to top