Kingdom: Code Quality

Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.

Code Correctness: Call to notify()

Java/JSP

Abstract

It is ambiguous which thread will wake up when notify() is called.

Explanation

There is no way to specify which thread will be awakened by calls to notify().

Example 1: In the following code, notifyJob() calls notify().


public synchronized notifyJob() {
flag = true;
notify();
}
...
public synchronized waitForSomething() {
while(!flag) {
    try {
        wait();
    }
    catch (InterruptedException e)
    {
        ...
    }
}
...
}

In this case, the developer intends to wake up the thread that calls wait(), but it is possible that notify() will notify a different thread than the intended one.

References

[1] Sun Microsystems, Inc. Java Sun Tutorial - Concurrency

[2] Sun Microsystems, Inc. Java Sun Tutorial - Concurrency

[3] THI02-J. Notify all waiting threads rather than a single thread CERT

[4] Standards Mapping - Common Weakness Enumeration CWE ID 373

desc.structural.java.code_correctness_call_to_notify