...

Another approach is to embed a concurrently accessed variable inside a union, along with a long variable, or at least some padding to ensure that the concurrent variable is the only element to be accessed at that address. This technique would effectively guarantee that no other variables are accessed or modified when the concurrent variable is accessed or modified.

Noncompliant Code Example (Bit-field)

In this noncompliant code example, two executing threads simultaneously access two separate members of a global struct.

...

Even though each thread is modifying a separate bit-field, they are both modifying the same location in memory. This same problem is discussed in CON00-C. Avoid race conditions with multiple threads, but here it is harder to diagnose because it is not immediately obvious that the same memory location is being modified.

Compliant Solution (Bit-field)

This compliant solution protects all accesses of the flags with a mutex, thereby preventing any data races. In addition, the flags are embedded in a union alongside a long, and a static assertion guarantees that the flags do not occupy more space than the long. This technique prevents any data not protected by the mutex from being accessed or modified through the bit-fields.

...

Static assertions are discussed in detail in DCL03-C. Use a static assertion to test the value of a constant expression.
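As an added example, not the page's own code, the compliant technique written with POSIX mutexes instead of the C11 threads API: the bit-fields sit in a union padded with a long, a static assertion checks that they fit inside it, and every access to either bit-field takes the same mutex. The names g_flags, set_flag1, set_flag2, get_flag1 and get_flag2 are assumptions.

```c
#include <pthread.h>

/* Two bit-fields that, as in the noncompliant example, are packed into
 * one storage unit and therefore share a single memory location. */
struct flags {
    unsigned int flag1 : 2;
    unsigned int flag2 : 2;
};

/* Embedding the flags in a union padded with a long guarantees that no
 * other variable shares the address the bit-fields occupy; the static
 * assertion guarantees the bit-fields never extend past that padding. */
union shared_flags {
    struct flags bits;
    long padding;
};
_Static_assert(sizeof(struct flags) <= sizeof(long),
               "bit-fields must fit within the padding long");

static union shared_flags g_flags = { .padding = 0 };   /* assumed name */
static pthread_mutex_t g_flags_lock = PTHREAD_MUTEX_INITIALIZER;

/* Both bit-fields live in the same location, so every access to either
 * one takes the same lock. Values are masked to the 2-bit field width.
 * Setters return 0 on success, -1 if the lock could not be taken. */
int set_flag1(unsigned int v) {
    if (pthread_mutex_lock(&g_flags_lock) != 0) return -1;
    g_flags.bits.flag1 = v & 3u;
    return pthread_mutex_unlock(&g_flags_lock);
}

int set_flag2(unsigned int v) {
    if (pthread_mutex_lock(&g_flags_lock) != 0) return -1;
    g_flags.bits.flag2 = v & 3u;
    return pthread_mutex_unlock(&g_flags_lock);
}

unsigned int get_flag1(void) {
    pthread_mutex_lock(&g_flags_lock);
    unsigned int v = g_flags.bits.flag1;
    pthread_mutex_unlock(&g_flags_lock);
    return v;
}

unsigned int get_flag2(void) {
    pthread_mutex_lock(&g_flags_lock);
    unsigned int v = g_flags.bits.flag2;
    pthread_mutex_unlock(&g_flags_lock);
    return v;
}
```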

Risk Assessment

Although the race window is narrow, having an assignment or an expression evaluate improperly because of misinterpreted data can result in a corrupted running state or unintended information disclosure.

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
CON32-C   medium    probable    medium            P8        L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ISO/IEC 9899:2011 Section 6.7.2.1, "Structure and union specifiers"


...