...
The default terminate handler called by std::terminate() calls std::abort(), which abnormally terminates the process. When std::abort() is called, or if the implementation does not unwind the stack prior to calling std::terminate(), destructors for objects may not be called and external resources can be left in an indeterminate state. Abnormal process termination is the typical vector for denial-of-service attacks. For more information on implicitly calling std::terminate(), see ERR50-CPP. Do not call std::terminate(), std::abort(), or std::_Exit().
...
In this compliant solution, the thread_start() handles all exceptions and does not rethrow, allowing the thread to terminate normally:
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <thread>
void throwing_func() noexcept(false);
void thread_start(void) {
try {
throwing_func();
} catch (...) {
// Handle error
}
}
void f() {
std::thread t(thread_start);
t.join();
} |
...
Allowing the application to abnormally terminate can lead to resources not being freed, closed, etcand so on. It is frequently a vector for denial-of-service attacks.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ERR51-CPP | Low | Probable | Medium | P4 | L3 |
...