...
| Code Block | ||||
|---|---|---|---|---|
| ||||
static const char *global = "...";
int main() {
// ...
} |
Compliant Solution
This compliant solution introduces a class derived from std::string with a constructor that catches all exceptions with a function try block and terminates the application in accordance with ERR50-CPP. Do not abruptly terminate the program in the event any exceptions are thrown. Because no exceptions can escape the constructor, it is marked noexcept and is permissible to use as a static global variable.
For brevity, the full interface for such a type is not described.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <cassert>
#include <string>
namespace my {
struct string : std::string {
explicit string(const char *msg,
const std::string::allocator_type &alloc = std::string::allocator_type{}) noexcept
try : std::string(msg, alloc) {} catch(...) {
assert(false && "std::string constructor threw an exception");
}
// ...
};
}
static const my::string global("...");
int main() {
// ...
} |
Risk Assessment
Throwing an exception that cannot be caught results in abnormal program termination and can lead to denial-of-service attacks.
...