...

Using setjmp() and longjmp() could lead to a denial-of-service attack due to resources not being properly destroyed.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ERR52-CPP | Low | Probable | Medium | P4 | L3 |
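The following added example (not part of the CERT rule text) shows how the skipped destructors described above turn into a denial of service: a fixed pool of four slots is drained by failing requests whose error path uses longjmp(), while the same requests handled with throw leave the pool intact. The names `Slot`, `kPoolSize` and `refused_after` are hypothetical, and the longjmp() path is undefined behavior in C++, so the leak shown is what common implementations do, not a guarantee.

```cpp
#include <csetjmp>
#include <cstdio>
#include <stdexcept>

// Constructed stand-in for a scarce resource (descriptors, locks, connections).
constexpr int kPoolSize = 4;
static int g_in_use = 0;
static std::jmp_buf g_env;
struct PoolExhausted {};

// RAII guard: takes a slot in the constructor, returns it in the destructor.
struct Slot {
  Slot() { if (g_in_use == kPoolSize) throw PoolExhausted(); ++g_in_use; }
  ~Slot() { --g_in_use; }
};

// Noncompliant error path: longjmp() leaves the frame without running ~Slot().
// This is undefined behavior in C++; typical implementations just skip it.
static void fail_with_longjmp() {
  Slot s;
  std::longjmp(g_env, 1);
}
static void call_longjmp_handler() { if (setjmp(g_env) == 0) fail_with_longjmp(); }

// Compliant error path: throw unwinds the stack, so ~Slot() releases the slot.
static void call_throw_handler() {
  Slot s;
  throw std::runtime_error("bad request");
}

// Send n failing requests; return how many were refused for lack of a slot.
int refused_after(int n, bool use_longjmp) {
  g_in_use = 0;
  int refused = 0;
  for (int i = 0; i < n; ++i) {
    try {
      if (use_longjmp) call_longjmp_handler(); else call_throw_handler();
    } catch (const PoolExhausted&) {
      ++refused;  // pool already drained by earlier leaked slots
    } catch (const std::runtime_error&) {
      // request rejected; the slot was released during unwinding
    }
  }
  return refused;
}

int main() {
  std::printf("longjmp: %d refused, throw: %d refused\n",
              refused_after(10, true), refused_after(10, false));
}
```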

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | include-setjmp | Fully checked |
| Axivion Bauhaus Suite | | CertC++-ERR52 | |
| Clang | | cert-err52-cpp | Checked by clang-tidy. |
| CodeSonar | | BADFUNC.LONGJMP, BADFUNC.SETJMP | Use of longjmp; Use of setjmp |
| Helix QAC | | C++5015 | |
| Klocwork | | MISRA.STDLIB.LONGJMP | |
| LDRA tool suite | | 43 S | Fully implemented |
| Parasoft C/C++test | 9.5 | MISRA2012-RULE-21_4_{a,b}, JSF-020 | |
| Parasoft C/C++test | | CERT_CPP-ERR52-a, CERT_CPP-ERR52-b | The facilities provided by <setjmp.h> should not be used; The standard header files <setjmp.h> or <csetjmp> shall not be used |
| Polyspace Bug Finder | | CERT C++: ERR52-CPP | Checks for use of setjmp/longjmp (rule fully covered) |
| RuleChecker | | include-setjmp | Fully checked |
| PRQA QA-C++ | | Secondary analysis | |
| SonarQube C/C++ Plugin | | S982 | |

Related Vulnerabilities

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[Henricson 1997] Rule 13.3, Do not use setjmp() and longjmp()
[ISO/IEC 14882-2014] Subclause 18.10, "Other Runtime Support"

...


...
