 
                            ...
In this code, the exception handler recovers the resources associated with the object pointed to by pst.It might be better to replace the pointer pst with an auto_ptr that automatically cleans up itself.
Compliant Solution
A better approach would be to employ RAII. This forces every object to 'clean up after itself' in the face of abnormal behavior, preventing the programmer from having to do so. A judicious auto_ptr would delete the next item whether an error occurs or not.
| Code Block | ||
|---|---|---|
| 
 | ||
| 
while (moreToDo) {
   std::auto_ptr<SomeType> pst = getNextItem();
   try {
      pst->processItem();
   }
   catch (...) {
      // deal with exception
      throw; // pst automatically freed
   }
   // pst automatically freed
}
 | 
Risk Assessment
Memory and other resource leaks will eventually cause a program to crash. If an attacker can provoke repeated resource leaks by forcing an exception to be thrown through the submission of suitably crafted data, then the attacker can mount a denial-of-service attack.
...