The SAMATE Project (NIST; Department of Homeland Security)

Test Case ID: 154784 (Candidate)
Bad / Good / Mixed: Bad
Author: IARPA STONESOUP Test and Evaluation team
Associations:
- Test suite: 102
- Application: 16
Added by: Charles Oliveira
Language: Java
Type of test case: Source Code
Input string:
Expected Output:
Instructions: See src/build.xml.
Submission date: 2015-10-06
Description: This weakness takes an input of "<qsize> <string>", where qsize is the length of the array to generate and sort for timing, and string is an arbitrary string to use as data to pass around. The weakness uses a double-checked lock to initialize a shared static data class in an attempt to be efficient (not blocking threads when the data is initialized); however, this introduces a possibility for a thread to return from the method while another thread is in the process of initializing the data. This leads to an access of uninitialized data, resulting in a StringIndexOutOfBoundsException. This malicious behavior is triggered when qsize >= 5000000, and is expected not to occur when qsize <= 50.

Metadata
- Base program: JTree
- Source Taint: FILE_CONTENTS
- Data Type: SIMPLE
- Data Flow: BASIC
- Control Flow: SEQUENCE

File Contains:
CWE-609: Double-Checked Locking on line(s): 422, 423, 424, 425, 426
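
The pattern the description refers to, as an added Java example that is not the test case's source: `brokenGet` makes the shared object visible before it is populated, while `fixedGet` builds it fully and then publishes it through a `volatile` field. The class and method names, the `Thread.sleep` delays standing in for the timed sort, and the `"payload"` string are assumptions.

```java
public class DoubleCheckedInit {
    static final class Data {                  // hypothetical stand-in for the shared static data class
        String text = "";                      // empty until load() finishes
        void load(String s) { pause(200); text = s; }  // slow init widens the race window
    }
    static Data broken;                        // reference is published before the data is loaded
    static volatile Data fixed;                // reference is published only after the data is loaded
    static final Object LOCK = new Object();
    static Data brokenGet(String s) {
        if (broken == null) {                  // unsynchronized first check
            synchronized (LOCK) {
                if (broken == null) {
                    broken = new Data();       // other threads can see the reference from here on...
                    broken.load(s);            // ...while the fields are still being filled in
                }
            }
        }
        return broken;                         // a late thread skips the lock and gets the half-built object
    }
    static Data fixedGet(String s) {
        Data d = fixed;
        if (d == null) {
            synchronized (LOCK) {
                if ((d = fixed) == null) {
                    d = new Data();
                    d.load(s);
                    fixed = d;                 // volatile write publishes a fully initialized object
                }
            }
        }
        return d;
    }
    // Runs two threads through a getter; returns true if the late arrival read uninitialized data.
    static boolean secondThreadFails(java.util.function.Function<String, Data> getter) throws InterruptedException {
        boolean[] failed = {false};
        Thread a = new Thread(() -> getter.apply("payload"));
        Thread b = new Thread(() -> {
            pause(50);                         // arrive while thread a is still inside load()
            try { getter.apply("payload").text.charAt(0); }
            catch (StringIndexOutOfBoundsException e) { failed[0] = true; }
        });
        a.start(); b.start(); a.join(); b.join();
        return failed[0];
    }
    static void pause(long ms) { try { Thread.sleep(ms); } catch (InterruptedException e) { Thread.currentThread().interrupt(); } }
    public static void main(String[] args) throws InterruptedException {
        System.out.println("broken: " + secondThreadFails(DoubleCheckedInit::brokenGet) + ", fixed: " + secondThreadFails(DoubleCheckedInit::fixedGet));
    }
}
```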