...
Note that the behavior of a program that calls exit()
from an atexit
handler is undefined. (See undefined behavior 182 187 in Annex J of the C Standard. See also ENV32-C. All exit handlers must return normally.)
...
The following table summarizes the exit behavior of the program termination functions.
Function | Closes | Flushes | Removes | Calls | Program |
---|---|---|---|---|---|
| [2] | ||||
| [1] | ||||
| |||||
Return from |
Table legend:
- – Yes. The specified action is performed.
- – No. The specified action is not performed.
- – Implementation-defined. Whether the specified action is performed depends on the implementation.
...
As an example, using abort()
or _Exit()
in place of exit()
may leave written files in an inconsistent state and may also leave sensitive temporary files on the file system.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ERR04-C | Medium | Probable | High | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Parasoft C/C++test |
|
|
|
CERT_C-ERR04-a | The 'abort()' function from the 'stdlib.h' or 'cstdlib' library shall not be used | ||||||||
PC-lint Plus |
| 586 | Fully supported |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID ERR04-CPP. Choose an appropriate termination strategy |
CERT Oracle Secure Coding Standard for Java | FIO14-J. Perform proper cleanup at program termination |
ISO/IEC TR 24772:2013 | Termination Strategy [REU] |
MITRE CWE | CWE-705, Incorrect control flow scoping |
Bibliography
[IEEE Std 1003.1:2013] | XSH, System Interfaces, exit |
[ISO/IEC 9899:2011] | Subclause 5.1.2.2.3, "Program Termination" Subclause 7.22.4, "Communication with the Environment" |
...
...