...
Using setjmp()
and longjmp()
could lead to a denial-of-service attack due to resources not being properly destroyed.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ERR52-CPP | Low | Probable | Medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| include-setjmp | Fully checked | ||||||
Axivion Bauhaus Suite |
| CertC++-ERR52 | |||||||
Clang |
| cert-err52-cpp | Checked by clang-tidy . | ||||||
CodeSonar |
| BADFUNC.LONGJMP | Use of longjmp Use of setjmp | ||||||
Helix QAC |
| C++5015 | |||||||
Klocwork |
| MISRA.STDLIB.LONGJMP |
LDRA tool suite |
| 43 S | Fully implemented | ||||||
Parasoft C/C++test |
| CERT_CPP-ERR52-a | The facilities provided by <setjmp.h> should not be used | |||||||
Polyspace Bug Finder |
| CERT C++: ERR52-CPP | Checks for use of setjmp/longjmp (rule fully covered) | ||||||
RuleChecker |
| include-setjmp | Fully checked |
Secondary analysis
SonarQube C/C++ Plugin |
| S982 |
Related Vulnerabilities
Search for other vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
[Henricson 1997] | Rule 13.3, Do not use setjmp() and longjmp() |
[ISO/IEC 14882-2014] | Subclause 18.10, "Other Runtime Support" |
...
...