...
Code Block | ||
---|---|---|
| ||
public final class Client { private final Lock lock = new ReentrantLock(); public void doSomething(File file) { InputStream in = null; try { lock.lock(in = new FileInputStream(file); in = new FileInputStream(filelock.lock(); // Perform operations on the open file lock.unlock(); } catch (FileNotFoundException x) { // Handle exception } finally { if (in != null) { try { in.close(); } catch (IOException x) { // Handle exception } } } } } |
...
Failure to release locks on exceptional conditions could lead to thread starvation and deadlock.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
LCK08-J | Low | Likely | Low | P9 | L2 |
Automated Detection
Some static analysis tools are capable of detecting violations of this rule.
Tool | Version | Checker | Description |
---|---|---|---|
Parasoft Jtest |
|
|
|
CERT.LCK08.RLF |
CERT. |
LCK08.LOCK |
Release Locks in a "finally" block Do not abandon unreleased locks | |||||||||
ThreadSafe |
| CCE_LK_UNRELEASED_ON_EXN | Implemented |
Related Vulnerabilities
The GERONIMO-2234 issue report describes a vulnerability in the Geronimo application server. If the user single-clicks the keystore portlet, the user will lock the default keystore without warning. This causes a crash and stack trace to be produced. Furthermore, the server cannot be restarted because the lock is never cleared.
Related Guidelines
Bibliography
...
...