The C Language facilities setjmp()
and longjmp()
can be used as a poor attempt to simulate the throwing and catching of exceptions, but they are very low-level facilities, and using them can bypass proper resource management and the proper calling of destructors.
Non-Compliant Code Example
Compliant Solution
Risk Assessment
Using setjmp()
and longjmp()
could lead to a denial-of-service attack.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
RES39-C |
1 (low) |
2 (probable) |
2 (medium) |
P4 |
L3 |
References
[[Henricson 97]] Rule 13.3 Do not use setjmp()
and longjmp()
.
MSC16-CPP. Consider encrypting function pointers 49. Miscellaneous (MSC) MSC18-CPP. Finish every set of statements associated with a case label with a break statement