Description
This weakness takes an input of " " where qsize is the length of the array to generate and sort for timing and string is an arbitrary string to use as data to pass around. The weakness uses a double checked lock to initialize a shared static data class in an attempt to be efficient (not block threads when the data is initialized) however this introduces a possibility for a thread to return from the method while another thread is in the process of initializing the data. This will lead to an access of uninitialized data, resulting in a StringIndexOutOfBoundsException. This malicious behavior is tiggered when qsize >= 5000000, and not to occur when qsize <= 50.
Metadata
- Base program: Apache POI
- Source Taint: SOCKET
- Data Type: SIMPLE
- Data Flow: VAR_ARG_LIST
- Control Flow: INTERCLASS_2
Flaws
Test Suites
Documentation
Have any comments on this test case? Please, send us an email.