Versions Compared

Comment: REM Cost Reform

...

A nested call to an exit function is undefined behavior. (See undefined behavior 187.) This behavior can occur only when an exit function is invoked from an exit handler or when an exit function is called from within a signal handler. (See SIG30-C. Call only asynchronous-safe functions within signal handlers.)

If a call to the longjmp() function is made that would terminate the call to a function registered with atexit(), the behavior is undefined behavior 187. 

Noncompliant Code Example

In this noncompliant code example, the exit1() and exit2() functions are registered by atexit() to perform required cleanup upon program termination. However, if some_condition evaluates to true, exit() is called a second time, resulting in undefined behavior 187.

```c
#include <stdlib.h>

void exit1(void) {
  /* ... Cleanup code ... */
  return;
}

void exit2(void) {
  extern int some_condition;
  if (some_condition) {
    /* ... More cleanup code ... */
    exit(0);
  }
  return;
}

int main(void) {
  if (atexit(exit1) != 0) {
    /* Handle error */
  }
  if (atexit(exit2) != 0) {
    /* Handle error */
  }
  /* ... Program code ... */
  return 0;
}
```
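
A compliant counterpart to the handlers above, as an added example (not CERT's code): exit2() returns instead of calling exit(), and a guard handler registered last, so that it runs first, keeps a shared termination helper from re-entering exit(). The names request_exit(), mark_exiting(), install_exit_handlers(), exiting and cleanups_run are hypothetical, some_condition is given a constructed value, and a single-threaded program is assumed.

```c
#include <stdlib.h>

int some_condition = 1;       /* constructed value for the page's extern flag */
static int exiting = 0;       /* set once exit() has started running handlers */
static int cleanups_run = 0;  /* bookkeeping so the behavior can be checked */

/* Hypothetical shared termination helper: calls exit() in normal code, but
 * once handlers are running it only reports failure, so a handler can never
 * start a nested exit(). */
int request_exit(int status) {
  if (exiting) {
    return -1;                /* caller must unwind by returning */
  }
  exit(status);
}

void exit1(void) {
  cleanups_run++;             /* ... Cleanup code ... */
}

void exit2(void) {
  if (some_condition) {
    cleanups_run++;           /* ... More cleanup code ... */
    (void)request_exit(0);    /* refused while exiting; no nested exit() */
  }
  return;                     /* handlers end by returning, never longjmp() */
}

/* Registered last so that it runs first: handlers run in reverse order. */
void mark_exiting(void) {
  exiting = 1;
}

int install_exit_handlers(void) {
  if (atexit(exit1) != 0 || atexit(exit2) != 0 ||
      atexit(mark_exiting) != 0) {
    return -1;                /* registration failed; caller handles it */
  }
  return 0;
}

int main(void) {
  if (install_exit_handlers() != 0) {
    return EXIT_FAILURE;
  }
  /* ... Program code ... */
  return 0;                   /* runs mark_exiting, exit2, exit1 in that order */
}
```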

...

Terminating a call to an exit handler in any way other than by returning is undefined behavior and may result in abnormal program termination or other unpredictable behavior. It may also prevent other registered handlers from being invoked.

| Rule | Severity | Likelihood | Detectable | Remediation Cost | Repairable | Priority | Level |
|---|---|---|---|---|---|---|---|
| ENV32-C | Medium | Likely | Yes | Medium | No | P12 | L1 |

Automated Detection

C4856, C4857, C4858, C++4856, C++4857, C++4858

| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | user_defined, bad-function, bad-function-use | Soundly supported |
| Axivion Bauhaus Suite | | CertC-ENV32 | |
| CodeSonar | | BADFUNC.ABORT, BADFUNC.EXIT, BADFUNC.LONGJMP | Use of abort; Use of exit; Use of longjmp |
| Compass/ROSE | | | Can detect violations of this rule. In particular, it ensures that all functions registered with atexit() do not call functions such as exit(). |
| Cppcheck Premium | 24.9.0 | premium-cert-env32-c | |
| Helix QAC | | DF4856, DF4857, DF4858 | |
| Klocwork | | CERT.EXIT.HANDLER_TERMINATE | |
| LDRA tool suite | | 122 S, 7 S | Enhanced enforcement |
| Parasoft C/C++test | | CERT_C-ENV32-a | Properly define exit handlers |
| Polyspace Bug Finder | | CERT C: Rule ENV32-C | Checks for abnormal termination of exit handler (rule fully covered) |
| RuleChecker | | bad-function, bad-function-use | Supported |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...