The C99 exit() function is used for normal program termination. Nested calls to exit() result in undefined behavior. This can only occur when exit() is invoked from a function registered with atexit().
Non-Compliant Code Example
exit1() is registered with atexit() so that it can perform cleanup at program termination. If the condition evaluates to true, exit() is called a second time, resulting in undefined behavior.
```c
#include <stdio.h>
#include <stdlib.h>

void exit1(void) {
  if (/* condition */) {
    /* ...cleanup code... */
    exit(0); /* nested call to exit(): undefined behavior */
  }
}

int main(void) {
  atexit(exit1);
  /* ...program code... */
  exit(0);
}
```
Compliant Solution
_Exit() and abort() will both immediately halt program execution, and may be used within functions registered by atexit().
...
```c
#include <stdio.h>
#include <stdlib.h>

void exit1(void) {
  if (/* condition */) {
    /* ...cleanup code... */
    _Exit(0); /* halts immediately; exit() is not called a second time */
  }
}

int main(void) {
  atexit(exit1);
  /* ...program code... */
  exit(0);
}
```
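The following added example (not part of the original rule text) shows what "immediately halt" means for a handler that calls _Exit(): handlers registered earlier never run, and the process status is the one passed to _Exit(). It assumes a POSIX system for fork(), pipe() and waitpid(); run_child, mark, registered_first, bail_out and the status value 3 are illustrative names and values.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

static int report_fd = -1; /* pipe write end, set in the child only */
static int bail_out = 0;   /* stands in for the page's "condition" */
static void mark(char c) { /* write(): _Exit() is not required to flush stdio */
  if (write(report_fd, &c, 1) != 1) _Exit(99);
}
static void registered_first(void) { mark('A'); } /* would run last */
static void exit1(void) { /* registered last, so it runs first */
  mark('B');
  if (bail_out) _Exit(3); /* immediate halt: no nested exit() */
}

/* Returns the child's exit status (-1 on error); ran[] gets handler marks in order. */
int run_child(int bail, char *ran, size_t cap) {
  int fds[2], status = 0;
  size_t len = 0;
  ssize_t n;
  if (cap == 0 || pipe(fds) != 0) return -1;
  fflush(NULL); /* keep the child from re-flushing inherited stdio buffers */
  pid_t pid = fork();
  if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
  if (pid == 0) {
    report_fd = fds[1];
    bail_out = bail;
    atexit(registered_first);
    atexit(exit1);
    exit(0); /* the only call to exit() */
  }
  close(fds[1]);
  while (len < cap - 1 && (n = read(fds[0], ran + len, cap - 1 - len)) > 0)
    len += (size_t)n;
  ran[len] = '\0';
  close(fds[0]);
  if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
  return WEXITSTATUS(status);
}

int main(void) {
  char ran[8];
  for (int bail = 0; bail <= 1; bail++) {
    int st = run_child(bail, ran, sizeof ran);
    printf("bail=%d status=%d handlers run=%s\n", bail, st, ran);
  }
}
```

When the handler returns normally, both handlers run and the status is the one passed to exit(); when it calls _Exit(), any cleanup in the remaining handlers is skipped, so such cleanup must not be relied on along that path.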
Risk Assessment
Multiple calls to exit() are unlikely, and at worst will cause only denial of service attacks or abnormal program termination.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV32-C | low | unlikely | low | P3 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[ISO/IEC 9899-1999] Section 7.20.4.3, "The exit function"
[ISO/IEC PDTR 24772] "EWD Structured Programming"
...