Description
This test case implements a missing lock check that allows two threads to access a shared character array simultaneously, leading to a null pointer dereference. It takes an integer, the names of two control files, and an input string as input. The integer and two control files are used for timing, and are discussed in more detail below. The test case creates two threads that both modify a shared character array containing the input string, but only one of the threads implements a locking mechanism. Because one thread temporarily sets the character array pointer to null while the other tries to read the character array, a null pointer dereference can occur if the timing lines up.
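The race described above, modeled with pthreads as an added example (this is not the test case's own source; every identifier, the round count and the buffer size are assumptions). The reader counts how often it sees the null pointer instead of dereferencing it, so the missing lock check and its corrected form can be compared without crashing.

```c
#include <pthread.h>
#include <string.h>
#define ROUNDS 200000

/* Constructed model of the flaw; every name here is an assumption. */
struct shared {
    char *volatile buf;      /* shared character array pointer */
    pthread_mutex_t lock;
    int reader_locks;        /* 0 = missing lock check, 1 = corrected */
    long null_seen;          /* times the reader observed buf == NULL */
};

/* Writer: takes the lock, then parks the pointer at NULL while it edits. */
static void *writer(void *arg) {
    struct shared *s = arg;
    for (int i = 0; i < ROUNDS; i++) {
        pthread_mutex_lock(&s->lock);
        char *saved = s->buf;
        s->buf = NULL;                 /* temporary NULL window */
        saved[0] ^= 0x20;              /* modify the data */
        s->buf = saved;                /* restore before unlocking */
        pthread_mutex_unlock(&s->lock);
    }
    return NULL;
}

/* Reader: without the lock it can load buf inside the NULL window. */
static void *reader(void *arg) {
    struct shared *s = arg;
    for (int i = 0; i < ROUNDS; i++) {
        if (s->reader_locks) pthread_mutex_lock(&s->lock);
        if (s->buf == NULL) s->null_seen++;  /* s->buf[0] would crash here */
        if (s->reader_locks) pthread_mutex_unlock(&s->lock);
    }
    return NULL;
}

/* Runs both threads once; returns the NULL-observation count, -1 on error. */
long run_case(const char *input, int reader_locks) {
    char data[64] = {0};
    struct shared s = { .buf = data, .reader_locks = reader_locks };
    pthread_t w, r;
    strncpy(data, input, sizeof data - 1);
    if (pthread_mutex_init(&s.lock, NULL) || pthread_create(&w, NULL, writer, &s)) return -1;
    if (pthread_create(&r, NULL, reader, &s)) { pthread_join(w, NULL); return -1; }
    pthread_join(w, NULL);
    pthread_join(r, NULL);
    pthread_mutex_destroy(&s.lock);
    return s.null_seen;
}
```

Build with `cc -pthread`. With `reader_locks` set to 1 the count is always 0; with 0 it depends on scheduling and can be zero on a given run.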
Metadata
- Base program: Subversion
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: STRUCT
- Data Flow: ADDRESS_ALIAS_10
- Control Flow: CALLBACK