Mutexes are used to protect shared data structures being concurrently accessed. If a mutex is destroyed while a thread is blocked waiting for that mutex, critical sections and shared data are no longer protected.
The C Standard, 188.8.131.52, paragraph 2 [ISO/IEC 9899:2011], states
mtx_destroyfunction releases any resources used by the mutex pointed to by
mtx. No threads can be blocked waiting for the mutex pointed to by
This statement implies that destroying a mutex while a thread is waiting on it is undefined behavior.
Noncompliant Code Example
This noncompliant code example creates several threads that each invoke the
do_work() function, passing a unique number as an ID. The
do_work() function initializes the
lock mutex if the argument is 0 and destroys the mutex if the argument is
max_threads - 1. In all other cases, the
do_work() function provides normal processing. Each thread, except the final cleanup thread, increments the atomic
completed variable when it is finished.
This compliant solution eliminates the race conditions by initializing the mutex in
main() before creating the threads and by destroying the mutex in
main() after joining the threads:
Destroying a mutex while it is locked may result in invalid control flow and data corruption.
|Supported, but no explicit checker
Local Variable Passed to Thread
Do not destroy another thread's mutex
|CERT C: Rule CON31-C
|Checks for destruction of locked mutex (rule fully covered)
Key here (explains table format and definitions)
|CWE-667, Improper Locking
|2017-07-10: CERT: Rule subset of CWE
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-667 and CON31-C/POS48-C
Intersection( CON31-C, POS48-C) = Ø
CWE-667 = Union, CON31-C, POS48-C, list) where list =
- Locking & Unlocking issues besides unlocking another thread’s C mutex or pthread mutex.