Insufficient Locking
Weakness ID: 667 (Weakness Base) | Status: Draft
Description Summary
The software does not properly acquire a lock on a resource, leading to unexpected resource state changes and behaviors.
Example 1
In the following Java snippet, methods are defined to get and set a long field in an instance of a class that is shared across multiple threads. Because operations on double and long are nonatomic in Java, concurrent access may cause unexpected behavior. Thus, all operations on long and double fields should be synchronized.
(Bad Code)
Example Language: Java
```java
private long someLongValue;

public long getLongValue() {
    return someLongValue;
}

public void setLongValue(long l) {
    someLongValue = l;
}
```
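The corrected form of the snippet above, as an added example rather than code from the original entry: every read and write of the field goes through one private lock, so no thread can observe a half-written value or lose an update. The class name `SharedLongHolder`, the `lock` field, the `addToLongValue` method and the `main` driver are assumptions introduced for illustration.

```java
public class SharedLongHolder {
    // Private lock object (assumed name): code outside this class cannot
    // acquire it, so callers cannot block or bypass these methods.
    private final Object lock = new Object();
    private long someLongValue; // guarded by lock

    public long getLongValue() {
        synchronized (lock) {
            return someLongValue;
        }
    }

    public void setLongValue(long l) {
        synchronized (lock) {
            someLongValue = l;
        }
    }

    // Hypothetical helper: a read-modify-write must hold the same lock for
    // the whole operation, otherwise concurrent updates can be lost.
    public long addToLongValue(long delta) {
        synchronized (lock) {
            someLongValue += delta;
            return someLongValue;
        }
    }

    public static void main(String[] args) throws InterruptedException {
        SharedLongHolder holder = new SharedLongHolder();
        Thread[] workers = new Thread[4];
        for (int i = 0; i < workers.length; i++) {
            workers[i] = new Thread(() -> {
                for (int n = 0; n < 100_000; n++) {
                    // The delta touches both 32-bit halves of the long.
                    holder.addToLongValue(0x1_0000_0001L);
                }
            });
            workers[i].start();
        }
        for (Thread t : workers) {
            t.join();
        }
        long expected = 4L * 100_000L * 0x1_0000_0001L;
        System.out.println(holder.getLongValue() == expected
                ? "consistent" : "torn or lost update");
    }
}
```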
Nature | ID | Name | View(s) this relationship pertains to |
---|---|---|---|
ChildOf | 662 | Insufficient Synchronization | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ChildOf | 664 | Improper Control of a Resource Through its Lifetime | Research Concepts 1000 |
ChildOf | 748 | CERT C Secure Coding Section 50 - POSIX (POS) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734 |
ParentOf | 412 | Unrestricted Externally Accessible Lock | Research Concepts (primary) 1000 |
ParentOf | 413 | Insufficient Resource Locking | Research Concepts (primary) 1000 |
ParentOf | 414 | Missing Lock Check | Research Concepts (primary) 1000 |
ParentOf | 609 | Double-Checked Locking | Research Concepts 1000 |
ParentOf | 764 | Multiple Locks of a Critical Resource | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 765 | Multiple Unlocks of a Critical Resource | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
CERT C Secure Coding | POS31-C | | Do not unlock or destroy another thread's mutex |
Modifications

Modification Date | Modifier | Organization | Source | Description |
---|---|---|---|---|
2008-07-01 | Sean Eidemiller | Cigital | External | added/updated demonstrative examples |
2008-07-01 | Eric Dalci | Cigital | External | updated Potential Mitigations, Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships |
2008-11-24 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy Mappings |
2009-03-10 | CWE Content Team | MITRE | Internal | updated Related Attack Patterns |
2009-05-27 | CWE Content Team | MITRE | Internal | updated Relationships |
2009-07-27 | CWE Content Team | MITRE | Internal | updated Common Consequences |