Call to blocking function in critical section

The CONC.SLEEP checker finds instances of blocking functions in critical sections of code.

Vulnerability and risk

Until the blocking function returns, the lock isn't released, so other threads that need the same lock may be blocked as well. These situations can result in unexpected behavior, so it's best to avoid calling blocking functions inside critical sections.

Vulnerable code example

1  #include <pthread.h>
2  #include <unistd.h>
3  void foo(pthread_mutex_t *mutex) {
4    pthread_mutex_lock(mutex);    /* critical section starts */
5    sleep(30000);                 /* blocking call while the mutex is held */
6    pthread_mutex_unlock(mutex);
7  }

Klocwork flags line 5 to indicate that the call to the blocking function sleep occurs while the mutex locked at line 4 is still held.
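
An added example, not part of the Klocwork documentation: the flagged pattern beside a reworked version that releases the mutex before sleeping, with a probe that calls pthread_mutex_trylock from a second thread to show whether the lock is still held while the worker sleeps. The names lock, shared_counter, about_to_sleep, worker_flagged, worker_fixed and probe_lock_during_sleep are assumptions made for the example.

```c
#include <errno.h>
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <unistd.h>

static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; /* example names, not from the page */
static int shared_counter;        /* protected by lock */
static atomic_int about_to_sleep; /* set just before the worker blocks */

/* Flagged pattern: sleep() runs with the mutex still held. */
static void *worker_flagged(void *arg) {
    (void)arg;
    pthread_mutex_lock(&lock);
    shared_counter++;
    atomic_store(&about_to_sleep, 1);
    sleep(1);                     /* blocking call inside the critical section */
    pthread_mutex_unlock(&lock);
    return NULL;
}

/* Reworked pattern: only the shared update is locked; sleep() runs after unlock. */
static void *worker_fixed(void *arg) {
    (void)arg;
    pthread_mutex_lock(&lock);
    shared_counter++;
    pthread_mutex_unlock(&lock);
    atomic_store(&about_to_sleep, 1);
    sleep(1);                     /* no lock held while blocked */
    return NULL;
}

/* Probe the mutex while the worker sleeps: 0 = free, EBUSY = held, -1 = thread start failed. */
int probe_lock_during_sleep(void *(*worker)(void *)) {
    pthread_t tid;
    atomic_store(&about_to_sleep, 0);
    if (pthread_create(&tid, NULL, worker, NULL) != 0)
        return -1;
    while (!atomic_load(&about_to_sleep)) sched_yield();
    int rc = pthread_mutex_trylock(&lock);
    if (rc == 0)
        pthread_mutex_unlock(&lock);
    pthread_join(tid, NULL);
    return rc;
}

int main(void) { /* exits 0 when flagged -> EBUSY and fixed -> 0 */
    return !(probe_lock_during_sleep(worker_flagged) == EBUSY &&
             probe_lock_during_sleep(worker_fixed) == 0);
}
```

With the flagged worker, every other thread that needs the lock is stalled for the full sleep; with the reworked worker, the lock is available as soon as the shared update is done.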

Related checkers

Security training

Application security training materials provided by Secure Code Warrior.


This checker can be extended. The related knowledge base record kinds are:

See Tuning C/C++ analysis for more information.