CWE-572: Call to Thread run() instead of start()

Description

The product calls a thread's run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee.

Extended Description

In most cases a direct call to a Thread object's run() method is a bug. The programmer intended to begin a new thread of control, but accidentally called run() instead of start(), so the run() method will execute in the caller's thread of control.

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Impact: Quality Degradation, Varies by Context — Notes:

Potential Mitigations

Implementation: Use the start() method instead of the run() method. (N/A)

Applicable Platforms

Java (N/A, Undetermined)

Demonstrative Examples

Intro: The following excerpt from a Java program mistakenly calls run() instead of start().

Thread thr = new Thread() { public void run() { ... } }; thr.run();

Notes

No notes available.

← Back to CWE list