Missing RUnlock on RWMutex
Description
Missing `RUnlock` on an `RWMutex` lock before returning from a function. This can cause a deadlock or other concurrency issues.
Examples
Insecure Code
go
func foo(mu *sync.RWMutex) { mu.RLock(); return }Secure Code
go
func foo(mu *sync.RWMutex) { mu.RLock(); defer mu.RUnlock(); return }Remediation
Add a call to `RUnlock` before returning from the function, or use a `defer` statement to ensure it is called even if an error occurs.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0214 |
| Category | Concurrency |
| Severity | HIGH |
| CWE | CWE-667 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | HIGH |
| Exploitability | MODERATE |
| Tags | concurrency, mutex |
| OWASP | N/A |
References
- https://pkg.go.dev/sync#RWMutex
- https://blog.trailofbits.com/2020/06/09/how-to-check-if-a-mutex-is-locked-in-go/