Not all exceptions can be caught, even with careful use of function-try-blocks. The C++ Standard, [except.handle], paragraph 13 [ISO/IEC 14882-2014], states:
Exceptions thrown in destructors of objects with static storage duration or in constructors of namespace scope objects with static storage duration are not caught by a function-try-block on
main()
. Exceptions thrown in destructors of objects with thread storage duration or in constructors of namespace-scope objects with thread storage duration are not caught by a function-try-block on the initial function of the thread.
When declaring an object with static or thread storage duration, the type's constructor must be declared noexcept(true)
and must comply with ERR55-CPP. Honor exception specifications.
For more information on exception specifications of destructors, see DCL58-CPP. Destructors and deallocation functions must be declared noexcept.
Noncompliant Code Example
In this noncompliant example, the constructor of global
may throw an exception during program startup (the std::string
constructor accepting a const char *
and a default allocator object is not marked noexcept(true)
and consequently allows all exceptions). This exception is not caught by the function-try-block on main()
, resulting in a call to std::terminate()
and abnormal program termination.
#include <string> static const std::string global("..."); int main() try { // ... } catch(...) { // IMPORTANT: Will not catch exceptions thrown // from the constructor of global }
Compliant Solution
Compliant code must prevent exceptions from escaping during program startup and termination. This compliant solution avoids defining a std::string
at global namespace scope and instead uses a static const char *
:
static const char *global = "..."; int main() { // ... }
Risk Assessment
Throwing an exception that cannot be caught results in abnormal program termination and can lead to denial-of-service attacks.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ERR58-CPP | Low | Likely | Low | P9 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
[ISO/IEC 14882-2014] | 15.4, "Exception Specifications" |
[Sutter 00] | Item 8: "Writing Exception-Safe Code—Part 1" |
ERR57-CPP. Do not leak resources when handling exceptions Rule 09. Object Oriented Programming (OOP)