National Institute of Standards and Technology
Package illustrating a test case

Test case 154784

Description

This weakness takes an input of " " where qsize is the length of the array to generate and sort for timing and string is an arbitrary string to use as data to pass around. The weakness uses a double checked lock to initialize a shared static data class in an attempt to be efficient (not block threads when the data is initialized) however this introduces a possibility for a thread to return from the method while another thread is in the process of initializing the data. This will lead to an access of uninitialized data, resulting in a StringIndexOutOfBoundsException. This malicious behavior is tiggered when qsize >= 5000000, and not to occur when qsize <= 50.
Metadata
- Base program: JTree
- Source Taint: FILE_CONTENTS
- Data Type: SIMPLE
- Data Flow: BASIC
- Control Flow: SEQUENCE

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.