SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 1

changes.mady.by.user Aaron Ballman

Saved on

compared with

New Version Current

changes.mady.by.user Kris Kafka

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added PC-lint Plus to Automated Detection Table

...

Processes behave similar to threads, and so share the same concerns.  Do not use the TerminateThread() or TerminateProcess() APIs.  Instead, you should prefer to exit threads and processes by returning from the entrypoint, by calling ExitThread(), or by calling ExitProcess().

Noncompliant Code Example

In the following example, TerminateThread() is used to forcibly terminate another thread, which can leak resources and leave the application in an indeterminate state.

Code Block
bgColor#ffcccc
langc
#include <Windows.h>
 
DWORD ThreadID;  /* Filled in by call to CreateThread */
 
/* Thread 1 */
DWORD WINAPI ThreadProc(LPVOID param) {
  /* Performing work */
}
 
/* Thread 2 */
HANDLE hThread = OpenThread(THREAD_TERMINATE, FALSE, ThreadID);
if (hThread) {
  TerminateThread(hThread, 0xFF);
  CloseHandle(hThread);
}

 Compliant Solution

The compliant solution avoids calling TerminateThread() by requesting the thread terminate itself by exiting its entrypoint.  It does so in a lock-free, thread-safe manner by using the InterlockedCompareExchange() and InterlockedExchange() Win32 APIs.

Code Block
bgColor#ccccff
langc
#include <Windows.h>
 
DWORD ThreadID;  /* Filled in by call to CreateThread */
LONG ShouldThreadExit = 0;

/* Thread 1 */
DWORD WINAPI ThreadProc(LPVOID param) {
  while (1) {
    /* Performing work */
    if (1 == InterlockedCompareExchange(&ShouldThreadExit, 0, 1))
      return 0xFF;
  }
}
 
/* Thread 2 */
InterlockedExchange(&ShouldThreadExit, 1);

Risk Assessment

Incorrectly using threads that asynchronously cancel may result in silent corruption, resource leaks, and, in the worst case, unpredictable interactions.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

WIN31

WIN01-C

High

Likely

High

P9

L2

Automated Detection

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
bad-function
Partially checked
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
(customization)

Users can add a custom check for all uses of  TerminateThread() and TerminateProcess().

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

586

Fully supported

RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

bad-function
Partially checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

TODO (notably, should be one about using ExitThread() from C++ code.

Bibliography

...

 




...

Image ModifiedImage ModifiedImage Modified