SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 70

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Kris Kafka

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added PC-lint Plus to Automated Detection Table

...

Anchor
1
1
[1] Note that POSIX strengthens the specification for _Exit() by prohibiting the function from flushing stream buffers. See the documentation of the function in The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 2013 Edition [IEEE Std 1003.1-2008:2013].

Code Block
bgColor#ccccff
langc
#include <stdlib.h>
/* ... */

if (/* Something really bad happened */) {
  _Exit(EXIT_FAILURE);
}

...

Anchor
2
2
[2] Unlike in the case of _Exit(), POSIX explicitly permits but does not require implementations to flush stream buffers. See the documentation of the function in The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 2013 Edition [IEEE Std 1003.1-2008:2013].

Summary

The following table summarizes the exit behavior of the program termination functions.

Function

Closes
Open
Streams

Flushes
Stream
Buffers

Removes
Temporary
Files

Calls
atexit()
Handlers

Program
Termination

abort()

(info)

(info) [2]

(info)

(error)

Abnormal

_Exit()

(info)

(info) [1]

(info)

(error)

Normal

exit()

(tick)

(tick)

(tick)

(tick)

Normal

Return from main()

(tick)

(tick)

(tick)

(tick)

Normal

Table legend:

  • (tick) – Yes. The specified action is performed.
  • (error) – No. The specified action is not performed.
  • (info)Implementation-defined. Whether the specified action is performed depends on the implementation.

...

As an example, using abort() or _Exit() in place of exit() may leave written files in an inconsistent state and may also leave sensitive temporary files on the file system.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

ERR04-C

Medium

Probable

High

P4

L3

Automated Detection

Tool

Version

Checker

Description

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-ERR04-a
CERT_C-ERR04-b
CERT_C-ERR04-c

The 'abort()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
The 'exit()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
The 'quick_exit()' and '_Exit()' functions from the 'stdlib.h' or 'cstdlib' library shall not be used

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

586

Fully supported

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++
Secure
Coding StandardVOID ERR04-CPP. Choose an appropriate termination strategy
CERT Oracle Secure Coding Standard for JavaFIO14-J. Perform proper cleanup at program termination
ISO/IEC TR 24772:2013Termination Strategy [REU]
MITRE CWECWE-705, Incorrect control flow scoping

Bibliography

[IEEE Std 1003.1:2013]XSH, System Interfaces, exit
[ISO/IEC 9899:2011]Subclause 5.1.2.2.3, "Program Termination"
Subclause 7.22.4, "Communication with the Environment"

...


...

Image Modified Image Modified Image Modified