...
All exceptions thrown by an application must be caught by a matching exception handler. Even if the exception cannot be gracefully recovered from, this using the matching exception handler ensures that the stack will be properly unwound , and provide provides an opportunity to gracefully manage external resources prior to before terminating the process.
Noncompliant Code Example
In this noncompliant code example, the function f() does not catch exceptions thrown by throwing_func(). Since Because no matching handler can be found for the exception thrown, std::terminate() is called.
...
In this compliant solution, the main entrypoint handles entry point handles all exceptions. This , which ensures that the stack is unwound up to the main() function , and allows for graceful management of external resources:
...
In this noncompliant code example, the thread entrypoint entry point function thread_start() does not catch exceptions thrown by throwing_func(). If the initial thread function exits due to because an exception being is thrown, std::terminate() is called.
...
Allowing the application to abnormally terminate can lead to resources not being freed, closed, etc. It is frequently a vector for denial-of-service attacks.
...
Search for other vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | ERR50-CPP. Do not call std::terminate(), std::abort(), or std::_Exit() |
| MITRE CWE | CWE-754, Improper Check for Unusual or Exceptional Conditions |
...
| [ISO/IEC 14882-2014] | 15.1, "Throwing an Exception" |
| [MISRA 08] | Rule 15-3-2, "There should be at least one exception handler to catch all otherwise unhandled exceptions" Rule 15-3-4, "Each exception explicitly thrown in the code shall have a handler of a compatible type in all call paths that could lead to that point" |
...