...
| Code Block | ||
|---|---|---|
| ||
#include <pthread.h>
void *thread1(void *ptr);
void *thread2(void *ptr);
pthread_mutex_t m1 = PTHREAD_MUTEX_INITIALIZER;
pthread_mutex_t m2 = PTHREAD_MUTEX_INITIALIZER;
void *thread1(void *ptr) {
pthread_mutex_lock(&m1);
pthread_mutex_lock(&m2);
/* do some stuff that require locking mutex1 */
/* do some stuff that require locking mutex2 */
pthread_mutex_unlock(&m2);
pthread_mutex_unlock(&m1);
return NULL;
}
void *thread2(void *ptr) {
pthread_mutex_lock(&m1);
pthread_mutex_lock(&m2);
/* do some stuff that require locking mutex1 */
/* do some stuff that require locking mutex2 */
pthread_mutex_unlock(&m1);
pthread_mutex_unlock(&m2);
return NULL;
}
|
Risk Assessment
Deadlock causes multiple threads to not be able to progress and thus halt the executing program. This is a potential denial-of-service attack when the attacker can force deadlock situations. It's probable that deadlock will occur in multi-thread programs that manage multiple resources. Some automation for detecting deadlock can be implemented in which the detector can try different input and wait for a timeout. The fixes can be done automatically using some graph algorithm like Dijkstra, but most like be manual.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
POS43-C | low medium | probable | medium | P3 | 4 |
References
pthread_mutex pthread_mutex tutorial
MITRE CWE MITRE:764 Multiple Locks of Critical Resources
...