Page History

...

The risks of ignoring mutex ownership are similar to the risk of not using mutexes at all, which can result in a violation of data integrity.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
POS48-C	Medium	Probable	High	P4	L3

Automated Detection

Tool	Version	Checker	Description

Fortify SCA5.0 Can detect violations of this rule with CERT C Rule Pack

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

CONCURRENCY.DU

Double Unlock

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

DF4971, DF4972, DF4981, DF4982

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-POS48-a
CERT_C-POS48-b

Do not destroy another thread's mutex
Do not release a lock that has not been acquired

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rule POS48-C

Checks for destruction of locked mutex (rule fully covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy	Taxonomy item	Relationship
CWE 2.11

MITRE CWE

CWE-667, Insufficient locking

2017-07-10: CERT: Rule subset of CWE

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-667 and CON31-C/POS48-C

Intersection( CON31-C, POS48-C) = Ø

CWE-667 = Union, CON31-C, POS48-C, list) where list =

Locking & Unlocking issues besides unlocking another thread’s C mutex or pthread mutex.

Bibliography

[Open Group 2004] pthread_mutex_lock()/pthread_mutex_unlock()
pthread_mutex_destroy()

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 10

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

CERT-CWE Mapping Notes

CWE-667 and CON31-C/POS48-C

Bibliography