According to N1401 - C1X document,

The rand function is not required to avoid data races.

Similarly, the following library functions are also not required to avoid data races

getenv()
strtok()
strerror()
asctime()
ctime()

Multiple threads invoking the same function can cause concurrency problems. Concurrency problems can often result in abnormal behavior, but it is possible for them to result in more serious vulnerabilities.

Non Compliant Code

Consider a multithreaded application which involves a function which returns a random value each time it is invoked. If two threads concurrently invoke the rand() function, it may result in undefined behavior and may also result in rand() returning the same value in both the threads.

Compliant Solution

The compliant solution uses a mutex to make each call to rand() library function atomic

Space shortcuts

Page tree

Non Compliant Code

Compliant Solution

Space shortcuts

Page tree

POSXX-C. Beware of race conditions when using library functions that do not promise to be thread-safe

Non Compliant Code

Compliant Solution