SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 106

changes.mady.by.user Unknown User (lflynn)

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

When multiple threads can read or modify the same data, use synchronization techniques to avoid software flaws that can lead to security vulnerabilities. Data races can often result in abnormal termination or denial of service, but it is possible for them to result in more serious vulnerabilities. The C Standard, section 5.1.2.45, paragraph 25 35 [ISO/IEC 9899:20112024], says:

The execution of a program contains a data race if it contains two conflicting actions in different threads, at least one of which is not atomic, and neither happens before the other. Any such data race results in undefined behavior.

...

This noncompliant code example illustrates Xen Security Advisory CVE-2015-8550 / XSA-155 In this example, the following code is vulnerable to a data race where the integer referenced by ps could be modified by a second thread that ran between the two reads of the variable.

...

Race conditions caused by multiple threads concurrently accessing and modifying the same data can lead to abnormal termination and denial-of-service attacks or data integrity violations.

Recommendation

Severity

Likelihood

Detectable

Remediation Cost

Repairable

Priority

Level

CON43-C

Medium

Probable

No

High

No

P4

L3

Automated Detection

ToolVersionCheckerDescription
Astrée
Include Page
Astrée_V
Astrée_V

read_data_race

write_data_race

Supported by sound analysis (data race alarm)
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
CONCURRENCY.DATARACE
CONCURRENCY.MAA
Data race
Multiple Accesses of Atomic
Coverity
Include Page
Coverity_V
Coverity_V
MISSING_LOCK (partial)Implemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C1765, C1766, C1770, C1771

C++1765, C++1766, C++1770, C++1771


Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-CON43-a

Do not use global variable with different locks set

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

457

Partially supported: access is detected at the object level (not at the field level)

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder

R2016aData raceMultiple tasks perform unprotected non-atomic operations on shared variables

_V

CERT C: Rule CON43-C

Checks for data race (rule fully covered)

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V1088

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

CWE 2.11CWE-366, Race condition within a thread2017-07-07: CERT: Exact

Bibliography

[ISO/IEC 9899:
2011
2024]5.1.2.
4
5, "Multi-threaded Executions and Data Races
"
7.17.2, "Initialization
"
[C99 Rationale 2003]
 

[Dowd 2006]Chapter 13, "Synchronization and State"
[Plum 2012]
 

[Seacord 2013]Chapter 8, "File I/O"

...


...