National Institute of Standards and Technology
Package illustrating a test case

Test case 150242

Description

This test case implements a missing lock check that allows two threads to access a shared character array simultaneously, leading to a null pointer dereference. It takes an integer, the names of two control files, and an input string as input. The integer and the two control files are used for timing and are discussed in more detail below. The test case creates two threads that both modify a shared character array containing the input string, but only one of the threads implements a locking mechanism. Because one thread temporarily sets the character array pointer to null while the other tries to read the character array, a null pointer dereference can occur if the timing lines up.
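The race described above, reduced to a small model (an added example, not the test case's source). All names, loop counts and the sample string are assumptions, as is the choice that the reading thread is the one missing the lock; the reader counts NULL observations instead of dereferencing, so the flawed variant can be run without crashing.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

/* Constructed model of the flaw; identifiers are hypothetical. */
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static char buffer[] = "input string";   /* constructed sample input */
static _Atomic(char *) shared = buffer;  /* atomic so the unlocked read is defined C */
static int reader_locks;                 /* 1 = hardened reader, 0 = flawed reader */
static long null_seen;

/* Writer: holds the lock while it temporarily sets the pointer to NULL. */
static void *writer(void *arg) {
    (void)arg;
    for (int i = 0; i < 200000; i++) {
        pthread_mutex_lock(&lock);
        atomic_store(&shared, NULL);     /* window in which the array is unreachable */
        atomic_store(&shared, buffer);   /* restored before the lock is released */
        pthread_mutex_unlock(&lock);
    }
    return NULL;
}

/* Reader: takes the lock only in the hardened variant. */
static void *reader(void *arg) {
    (void)arg;
    for (int i = 0; i < 200000; i++) {
        if (reader_locks) pthread_mutex_lock(&lock);
        char *p = atomic_load(&shared);
        if (p == NULL) null_seen++;      /* a real reader would dereference p here */
        if (reader_locks) pthread_mutex_unlock(&lock);
    }
    return NULL;
}

/* Runs both threads once; returns how often the reader saw the NULL pointer. */
long run_race(int use_lock) {
    pthread_t w, r;
    reader_locks = use_lock; null_seen = 0;
    pthread_create(&w, NULL, writer, NULL);
    pthread_create(&r, NULL, reader, NULL);
    pthread_join(w, NULL);
    pthread_join(r, NULL);
    return null_seen;
}

int main(void) {
    printf("unlocked reader saw NULL %ld times\n", run_race(0));
    printf("locked reader saw NULL %ld times\n", run_race(1));
}
```

With the lock taken on both sides the count is always zero; without it the count varies from run to run, which is why the test case needs its timing inputs to trigger the flaw reliably.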

Metadata

- Base program: Subversion
- Source Taint: SOCKET
- Data Type: HEAP_POINTER
- Data Flow: ADDRESS_AS_LINEAR_EXPRESSION
- Control Flow: SET_JUMP_LONG_JUMP
