SEI CERT C++ Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 24 Next »

Not all exceptions can be caught, even with careful use of function-try-blocks. The C++ Standard, [except.handle], paragraph 13 [ISO/IEC 14882-2014], states:

Exceptions thrown in destructors of objects with static storage duration or in constructors of namespace scope objects with static storage duration are not caught by a function-try-block on main() . Exceptions thrown in destructors of objects with thread storage duration or in constructors of namespace-scope objects with thread storage duration are not caught by a function-try-block on the initial function of the thread.

When declaring an object with static or thread storage duration, the type's constructor must be declared noexcept(true) and must comply with ERR55-CPP. Honor exception specifications.

For more information on exception specifications of destructors, see DCL57-CPP. Do not let exceptions escape from destructors or deallocation functions.

Noncompliant Code Example

In this noncompliant example, the constructor of global may throw an exception during program startup (the std::string constructor accepting a const char * and a default allocator object is not marked noexcept(true) and consequently allows all exceptions). This exception is not caught by the function-try-block on main(), resulting in a call to std::terminate() and abnormal program termination.

#include <string>
 
static const std::string global("...");

int main()
try {
  // ...
} catch(...) {
  // IMPORTANT: Will not catch exceptions thrown
  // from the constructor of global
}

Compliant Solution

Compliant code must prevent exceptions from escaping during program startup and termination. This compliant solution avoids defining a std::string at global namespace scope and instead uses a static const char *:

static const char *global = "...";

int main() {
  // ...
}

Risk Assessment

Throwing an exception that cannot be caught results in abnormal program termination and can lead to denial-of-service attacks.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR58-CPP

Low

Likely

Low

P9

L2

Automated Detection

Tool

Version

Checker

Description

Clang3.9cert-err58-cppChecked by clang-tidy
Parasoft C/C++test9.5MISRA2008-15_3_1, EXCEPT-18 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

 SEI CERT C++ Coding StandardDCL57-CPP. Do not let exceptions escape from destructors or deallocation functions
ERR50-CPP. Do not call std::terminate(), std::abort(), or std::_Exit()
ERR55-CPP. Honor exception specifications

Bibliography

[ISO/IEC 14882-2014]Subclause 15.4, "Exception Specifications"
[Sutter 00]Item 8, "Writing Exception-Safe Code—Part 1"

 

 

  • No labels