National Institute of Standards and Technology
Package illustrating a test case

Test case 154378

Description

This weakness takes an integer and string as input (int string) where the integer is the size of the array to sort for timing and the string is the data that is acted upon. The weakness spawns two threads, both of which in turn call the function 'arrFunc' which is non-reentrant. 'arrFunc' uses a static integer to iterate through the string which can lead to multiple increments of j per iteration of the for loop causing a StringIndexOutOfBoundsException if 'arrFunc' is run simultaneously by two or more threads.
Metadata
- Base program: Elastic Search
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: SIMPLE
- Data Flow: VAR_ARG_LIST
- Control Flow: SEQUENCE

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.