CQE-667: Shared Resource Improper Locking

 
Quality Issue ID: 667 Maturity: Preliminary
Description

Description Summary

This pattern identifies situations where a shared storable data element or member data element, declared with the Create action, is accessed through the Read or Write action outside a critical section of the application. What makes a section critical depends on the technology and platform. In C/C++, for example, a critical section is delimited by 'mtx_lock' and 'mtx_unlock' from the 'threads.h' standard C language API, by 'pthread_mutex_lock' and 'pthread_mutex_unlock' from the 'pthread.h' C/C++ POSIX API, or by 'EnterCriticalSection' and 'LeaveCriticalSection' from the 'windows.h' C/C++ Win32 API. In Java, it comes from the use of the 'synchronized' keyword, and in C#, from the use of the 'lock' keyword.
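The pattern with the POSIX API named above, as an added example that is not part of the original entry or of the ASCSM specification. The names 'balance', 'balance_lock', 'deposit_unlocked', 'deposit_locked' and 'run_workers' are hypothetical; the first worker shows the flagged access and the second the same access inside a critical section.

```c
#include <pthread.h>
#include <stdio.h>

#define THREADS 4
#define ITERS   100000

/* Shared data element and the mutex that defines its critical section. */
static long balance;
static pthread_mutex_t balance_lock = PTHREAD_MUTEX_INITIALIZER;

/* Flagged: Read and Write of 'balance' outside any critical section. */
static void *deposit_unlocked(void *arg) {
    (void)arg;
    for (int i = 0; i < ITERS; i++)
        balance = balance + 1;          /* unsynchronized read-modify-write */
    return NULL;
}

/* Compliant: every access sits between lock and unlock. */
static void *deposit_locked(void *arg) {
    (void)arg;
    for (int i = 0; i < ITERS; i++) {
        pthread_mutex_lock(&balance_lock);
        balance = balance + 1;
        pthread_mutex_unlock(&balance_lock);
    }
    return NULL;
}

/* Runs THREADS workers and returns the final balance, or -1 on error. */
long run_workers(void *(*worker)(void *)) {
    pthread_t tid[THREADS];
    int started = 0;
    balance = 0;                        /* no worker thread exists yet */
    while (started < THREADS &&
           pthread_create(&tid[started], NULL, worker, NULL) == 0)
        started++;
    for (int i = 0; i < started; i++)
        pthread_join(tid[i], NULL);     /* after the joins, reading is safe */
    if (started != THREADS) return -1;
    return balance;
}

int main(void) {
    printf("locked   %ld\n", run_workers(deposit_locked));
    printf("unlocked %ld (may be lower: lost updates)\n",
           run_workers(deposit_unlocked));
    return 0;
}
```

Build with 'cc -pthread'; adding '-fsanitize=thread' makes ThreadSanitizer report the race in 'deposit_unlocked' at run time.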
Relationships

Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Characteristic | 9115 | Security | Default Graph (primary) 9001
ChildOf | Practice | 9178 | Locking | Quality Issues Organized by Practices (primary) 9002
CanPrecede | Consequence | 9028 | Deadlock | Default Graph (primary) 9001

Related Taxonomy Entries

Taxonomy | Version | Related ID
ASCSM | 1 | ASCSM-CWE-667
CWE | 2.11 | 667

References

"Automated Source Code Security Measure (ASCSM)". ASCSM-CWE-667. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>.
Page Last Updated or Reviewed: October 01, 2017