It is important that resources are reclaimed when exceptions are thrown. Throwing an exception may result in cleanup code being bypassed. As a result, it is the responsibility of the exception handler to properly clean up. This may be problematic if the exception is to be caught in a different function or module. Instead, it is preferable if resources are reclaimed automatically when objects go out of scope.
Non-Compliant Code Example
In this non-compliant code example, the resources associated with the object pointed to by pst are not recovered in the event that processItem throws an exception, thereby potentially causing a resource leak.
```cpp
while (moreToDo) {
  SomeType *pst = new SomeType();
  try {
    pst->processItem();
  } catch (...) {
    // deal with exception
    throw;        // control leaves the loop body here ...
  }
  delete pst;     // ... so this delete is bypassed and pst leaks
}
```
Compliant Solution
```cpp
while (moreToDo) {
  SomeType *pst = new SomeType();
  try {
    pst->processItem();
  } catch (...) {
    // deal with exception
    delete pst;   // release the resource before propagating the exception
    throw;
  }
  delete pst;     // normal path
}
```
In this code, the exception handler recovers the resources associated with the object pointed to by pst before rethrowing.
Compliant Solution
A better approach is to employ RAII (Resource Acquisition Is Initialization). This forces every object to "clean up after itself" in the face of abnormal behavior, relieving the programmer of having to do so in every handler. A judicious auto_ptr frees the resource whether or not an error occurs.
```cpp
while (moreToDo) {
  // direct-initialization is required: auto_ptr's constructor is explicit
  std::auto_ptr<SomeType> pst(new SomeType());
  try {
    pst->processItem();
  } catch (...) {
    // deal with exception
    throw;        // pst automatically freed during unwinding
  }
  // pst automatically freed when it goes out of scope
}
```
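The three patterns above, as an added, self-contained example that is not CERT's own code: a constructed SomeType that counts its live instances and throws from processItem on a chosen iteration, and one function per pattern that returns how many objects are still alive after the exception has been caught by the caller. The names SomeType::live, leakyLoop, manualCleanupLoop and raiiLoop are assumptions for this example. It uses std::unique_ptr in place of auto_ptr, since auto_ptr was deprecated in C++11 and removed in C++17; the RAII behaviour shown is the same.

```cpp
#include <cstddef>
#include <memory>
#include <stdexcept>

// Constructed resource type: counts live instances so that a leak is
// observable as a nonzero count once the loop has finished.
struct SomeType {
    static std::size_t live;   // instances currently allocated
    bool fail;                 // assumed flag: make processItem throw
    explicit SomeType(bool f) : fail(f) { ++live; }
    ~SomeType() { --live; }
    void processItem() {
        if (fail) throw std::runtime_error("processItem failed");
    }
};
std::size_t SomeType::live = 0;

// Non-compliant pattern: the delete after the try block is skipped when the
// handler rethrows. Returns the number of leaked objects (expected: 1).
std::size_t leakyLoop(std::size_t items, std::size_t failAt) {
    SomeType::live = 0;
    try {
        for (std::size_t i = 0; i < items; ++i) {
            SomeType *pst = new SomeType(i == failAt);
            try {
                pst->processItem();
            } catch (...) {
                throw;          // pst is never deleted on this path
            }
            delete pst;
        }
    } catch (const std::runtime_error &) {
        // caller-level handler: pst is out of scope here, so it cannot be freed
    }
    return SomeType::live;
}

// First compliant pattern: the handler deletes pst before rethrowing.
std::size_t manualCleanupLoop(std::size_t items, std::size_t failAt) {
    SomeType::live = 0;
    try {
        for (std::size_t i = 0; i < items; ++i) {
            SomeType *pst = new SomeType(i == failAt);
            try {
                pst->processItem();
            } catch (...) {
                delete pst;     // release before propagating
                throw;
            }
            delete pst;
        }
    } catch (const std::runtime_error &) {
    }
    return SomeType::live;
}

// RAII pattern: std::unique_ptr runs SomeType's destructor during stack
// unwinding, so no handler code is needed for cleanup at all.
std::size_t raiiLoop(std::size_t items, std::size_t failAt) {
    SomeType::live = 0;
    try {
        for (std::size_t i = 0; i < items; ++i) {
            std::unique_ptr<SomeType> pst(new SomeType(i == failAt));
            pst->processItem();   // on throw, pst's destructor frees the object
        }
    } catch (const std::runtime_error &) {
    }
    return SomeType::live;
}
```

Calling leakyLoop(5, 2) returns 1 (the object allocated on the iteration that threw is never deleted), while manualCleanupLoop(5, 2) and raiiLoop(5, 2) both return 0. The RAII version is also the only one with no cleanup logic in a handler, which is why it cannot be invalidated by a later edit that adds an early return or a new throwing call inside the loop body.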
Risk Assessment
Memory and other resource leaks will eventually cause a program to crash. If an attacker can provoke repeated resource leaks by forcing an exception to be thrown through the submission of suitably crafted data, then the attacker can mount a denial-of-service attack.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
RES38-C | 1 (low) | 2 (probable) | 1 (high) | P2 | L3
...