Code Correctness: Call to Thread.run()

From OWASP

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article includes content generously donated to OWASP by .

Contents 1 Description 2 Risk Factors 3 Examples 4 Related Attacks 5 Related Vulnerabilities 6 Related Controls 7 Related Technical Impacts 8 References

ASDR Table of Contents

Last revision (mm/dd/yy): 10/29/2008

Description

The program calls a thread's run() method instead of calling start().

In most cases a direct call to a Thread object's run() method is a bug. The programmer intended to begin a new thread of control, but accidentally called run() instead of start(), so the run() method will execute in the caller's thread of control.

Risk Factors

TBD

Examples

The following excerpt from a Java program mistakenly calls run() instead of start().

   Thread thr = new Thread() {
     public void run() {
       ...
     } 
   };
   thr.run();

Related Attacks

• Attack 1
• Attack 2

Related Vulnerabilities

• Vulnerability 1
• Vulnerabiltiy 2

Related Controls

• Control 1
• Control 2

Related Technical Impacts

• Technical Impact 1
• Technical Impact 2

References

Note: A reference to related CWE or CAPEC article should be added when exists. Eg:

• CWE 79.
• http://www.link1.com
• Title for the link2