...

In this code, the exception handler recovers the resources associated with the object pointed to by pst. It might be better to replace the pointer pst with an auto_ptr that automatically cleans up after itself.

Compliant Solution

A better approach would be to employ RAII. This forces every object to 'clean up after itself' in the face of abnormal behavior, preventing the programmer from having to do so. A judicious auto_ptr would delete the next item whether an error occurs or not.


while (moreToDo) {
   // Direct-initialization: auto_ptr's constructor from a raw pointer is explicit
   std::auto_ptr<SomeType> pst(getNextItem());
   try {
      pst->processItem();
   }
   catch (...) {
      // deal with exception
      throw; // pst automatically freed
   }
   // pst automatically freed
}
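
The following is an added example, not code from the original page. It runs the same loop with a raw pointer and with std::unique_ptr (std::auto_ptr was deprecated in C++11 and removed in C++17) and counts the objects left alive after malformed input makes processItem() throw. The SomeType body, the live counter, and the processLeaky/processRaii names are hypothetical stand-ins.

```cpp
#include <cstdio>
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>
// Hypothetical stand-in for the page's SomeType; `live` counts undestroyed objects.
struct SomeType {
    static int live;
    std::string data;
    explicit SomeType(const std::string& d) : data(d) { ++live; }
    ~SomeType() { --live; }
    void processItem() { if (data.empty()) throw std::invalid_argument("malformed item"); }
};
int SomeType::live = 0;

// Raw pointer, no cleanup on the exception path: returns the number of objects leaked.
int processLeaky(const std::vector<std::string>& inputs) {
    const int before = SomeType::live;
    for (const std::string& in : inputs) {
        try {
            SomeType* pst = new SomeType(in);
            pst->processItem();   // a throw here bypasses the delete below
            delete pst;
        } catch (const std::invalid_argument&) {
            // item rejected, but pst is out of scope and its object is lost
        }
    }
    return SomeType::live - before;
}

// RAII: unique_ptr's destructor runs during stack unwinding, so nothing leaks.
int processRaii(const std::vector<std::string>& inputs) {
    const int before = SomeType::live;
    for (const std::string& in : inputs) {
        try {
            std::unique_ptr<SomeType> pst(new SomeType(in));
            pst->processItem();
        } catch (const std::invalid_argument&) {
            // the object was already destroyed before control reached this handler
        }
    }
    return SomeType::live - before;
}

int main() {  // constructed input: two well-formed items, two malformed (empty)
    const std::vector<std::string> in = {"a", "", "b", ""};
    std::printf("leaked: raw=%d raii=%d\n", processLeaky(in), processRaii(in));
}
```

With the raw pointer, every malformed item leaves one object allocated, so the leak grows linearly with the number of rejected inputs.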

Risk Assessment

Memory and other resource leaks will eventually cause a program to crash. If an attacker can provoke repeated resource leaks by forcing an exception to be thrown through the submission of suitably crafted data, then the attacker can mount a denial-of-service attack.

...