Description
This weakness takes an input of " " where qsize is the length of the array to generate and sort for timing and string is an arbitrary string to use as data to pass around. The weakness uses a double checked lock to initialize a shared static data class in an attempt to be efficient (not block threads when the data is initialized) however this introduces a possibility for a thread to return from the method while another thread is in the process of initializing the data. This will lead to an access of uninitialized data, resulting in a StringIndexOutOfBoundsException. This malicious behavior is tiggered when qsize >= 5000000, and not to occur when qsize <= 50.
Metadata
- Base program: Elastic Search
- Source Taint: FILE_CONTENTS
- Data Type: VOID_POINTER
- Data Flow: JAVA_GENERICS
- Control Flow: INTERUPT_CONTINUE
Flaws
Test Suites
Documentation
Have any comments on this test case? Please, send us an email.