Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
CWE-1265
Short description
Extended description
Best practices to prevent this CWE
Phase: Architecture and Design
When architecting a system that will execute untrusted code in response to events, consider executing the untrusted event handlers asynchronously (asynchronous message passing) as opposed to executing them synchronously at the time each event fires. The untrusted code should execute at the start of the next iteration of the thread's message loop. In this way, calls into non-reentrant code are strictly serialized, so that each operation completes fully before the next operation begins. Special attention must be paid to all places where type coercion may result in script execution. Performing all needed coercions at the very beginning of an operation can help reduce the chance of operations executing at unexpected junctures.
Effectiveness: High
Phase: Implementation
Make sure the code (e.g., function or class) in question is reentrant by not leveraging non-local data, not modifying its own code, and not calling other non-reentrant code.
