...

Do not explicitly or implicitly call std::quick_exit(), std::abort(), or std::_Exit(). When the default terminate_handler is installed or the current terminate_handler responds by calling std::abort() or std::_Exit(), do not explicitly or implicitly call std::terminate(). Abnormal process termination is the typical vector for denial-of-service attacks.

The std::exit() function is more complex. The C++ Standard, [basic.start.main], paragraph 4, states:

Terminating the program without leaving the current block (e.g., by calling the function std::exit(int) (17.5)) does not destroy any objects with automatic storage duration (11.4.6). If std::exit is called to end a program during the destruction of an object with static or thread storage duration, the program has undefined behavior.

It is acceptable to call a termination function that safely executes destructors and properly cleans up resources, such as std::exit(), only in a program that has not yet initialized any objects with automatic storage duration.
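The effect of the Standard's wording can be observed directly. The following is an added example, not code from the CERT rule: it assumes a POSIX system (fork, pipe), and Tracer, worker_exit, worker_throw and cleanup_trace are hypothetical names. It runs each termination style in a child process and records which destructors actually ran.

```cpp
// Added example (POSIX only); not code from the CERT rule page.
#include <cstdio>
#include <cstdlib>
#include <stdexcept>
#include <string>
#include <sys/wait.h>
#include <unistd.h>

static int g_fd = -1;  // write end of the pipe; set only in the forked child

// RAII stand-in for a lock, temp file or socket: reports its own destruction.
struct Tracer {
    char tag;
    explicit Tracer(char t) : tag(t) {}
    ~Tracer() { if (g_fd >= 0) { ssize_t n = write(g_fd, &tag, 1); (void)n; } }
};

// Terminates from inside a block: 'A' has automatic storage duration.
void worker_exit() { Tracer a('A'); std::exit(0); }
// Reports the same fatal condition by unwinding to a handler instead.
void worker_throw() { Tracer a('A'); throw std::runtime_error("fatal"); }

// Runs `worker` in a forked child; returns the tags of the destructors that ran.
std::string cleanup_trace(void (*worker)()) {
    int p[2];
    if (pipe(p) != 0) return "pipe-error";
    pid_t pid = fork();
    if (pid < 0) return "fork-error";
    if (pid == 0) {
        close(p[0]);
        g_fd = p[1];
        static Tracer s('S');  // static storage duration, constructed in the child
        try { worker(); } catch (const std::exception&) { /* stack already unwound */ }
        std::exit(0);  // harness only: the child must not return into the caller
    }
    close(p[1]);
    std::string out;
    char c;
    while (read(p[0], &c, 1) == 1) out += c;
    close(p[0]);
    waitpid(pid, nullptr, 0);
    return out;
}

int main() {
    std::string e = cleanup_trace(worker_exit), t = cleanup_trace(worker_throw);
    std::printf("std::exit in block: %s\nthrow and catch:    %s\n", e.c_str(), t.c_str());
    return 0;
}
```

The trace is S for worker_exit, because the automatic object A is never destroyed, and AS for worker_throw, where unwinding destroys A before the static object is torn down.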

Noncompliant Code Example

...

Allowing the application to abnormally terminate can lead to resources not being freed, closed, and so on. It is frequently a vector for denial-of-service attacks.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ERR50-CPP | Low | Probable | Medium | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | stdlib-use | Partially checked |
| CodeSonar | | BADFUNC.ABORT | Use of abort |
| | | BADFUNC.EXIT | Use of exit |
| Helix QAC | | C++5014 | |
| Klocwork | | MISRA.TERMINATE CERT. CATCH.ALL ERR.ABRUPT_TERM | |
| LDRA tool suite | | 122 S | Enhanced Enforcement |
| PRQA QA- | | 4037, 4038, 4636, 4637 | |
| Parasoft C/C++test | | CERT_CPP-ERR50-a | The execution of a function registered with 'std::atexit()' or 'std::at_quick_exit()' should not exit via an exception |
| | | CERT_CPP-ERR50-b | Never allow an exception to be thrown from a destructor, deallocation, and swap |
| | | CERT_CPP-ERR50-c | Do not throw from within destructor |
| | | CERT_CPP-ERR50-d | There should be at least one exception handler to catch all otherwise unhandled exceptions |
| | | CERT_CPP-ERR50-e | An empty throw (throw;) shall only be used in the compound-statement of a catch handler |
| | | CERT_CPP-ERR50-f | Exceptions shall be raised only after start-up and before termination of the program |
| | | CERT_CPP-ERR50-g | Each exception explicitly thrown in the code shall have a handler of a compatible type in all call paths that could lead to that point |
| | | CERT_CPP-ERR50-h | Where a function's declaration includes an exception-specification, the function shall only be capable of throwing exceptions of the indicated type(s) |
| | | CERT_CPP-ERR50-i | Function called in global or namespace scope shall not throw unhandled exceptions |
| | | CERT_CPP-ERR50-j | Always catch exceptions |
| | | CERT_CPP-ERR50-k | Properly define exit handlers |
| | | CERT_CPP-ERR50-l | The 'abort()' function from the 'stdlib.h' or 'cstdlib' library shall not be used |
| | | CERT_CPP-ERR50-m | Avoid throwing exceptions from functions that are declared not to throw |
| | | CERT_CPP-ERR50-n | The 'quick_exit()' and '_Exit()' functions from the 'stdlib.h' or 'cstdlib' library shall not be used |
| Polyspace Bug Finder | | CERT C++: ERR50-CPP | Checks for implicit call to terminate() function (rule partially covered) |
| PVS-Studio | | V667, V2014 | |
| RuleChecker | | stdlib-use | Partially checked |
| SonarQube C/C++ Plugin | | S990 | |

Related Vulnerabilities

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[ISO/IEC 9899-2011] Subclause 7.20.4.1, "The abort Function"; Subclause 7.20.4.4, "The _Exit Function"

[ISO/IEC 14882-2014] Subclause 15.5.1, "The std::terminate() Function"; Subclause 18.5, "Start and Termination"

[MISRA 2008] Rule 15-3-2 (Advisory); Rule 15-3-4 (Required)
