Page History

...

atexit() is only called by exit() or upon normal completion of main().

return from main()

Since main() is defined to have return type int, another valid exit strategy is to simply use a return statement.

\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] (C99) section 5.1.2.2.3 has this to say about returning from {{main()}}:

If the return type of the main function is a type compatible with int, a return from the initial call to the main function is equivalent to calling the exit function with the value returned by the main function as its argument; reaching the } that terminates the main function returns a value of 0. If the return type is not compatible with int, the termination status returned to the host environment is unspecified.

So returning from main() is usually identical to calling exit(). Many compilers implement this behavior with something analogous to:

void _start() {
  /* ... */
  exit(main(argc,argv));
}

However, making out of main is conditional on correctly being able to handle all errors in a way that does not force premature termination.  (see \[[ERR00-A. Adopt and implement a consistent and comprehensive error handling policy]\] and \[[ERR05-A. Application-independent code must provide error detection without dictating error handling]\])

_Exit()

A more abrupt function, _Exit() also takes one argument and never returns. The standard specifies that _Exit() also closes open file descriptors, but does not specify if _Exit() flushes file buffers or deletes temporary files. Functions registered by atexit() are not executed.

...

Non-Compliant Code Example

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 5.1.2.2.3, "Program termination"
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4, "Communication with the environment"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "REU Termination strategy"

...