Page History

...

Using setjmp() and longjmp() could lead to a denial-of-service attack due to resources not being properly destroyed.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
ERR52-CPP	Low	Probable	Medium	P4	L3

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

include-setjmp

Fully checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC++-ERR52

Clang

Include Page

	Clang_38_V
	Clang_38_V

cert-err52-cpp

Checked by clang-tidy.

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

BADFUNC.LONGJMP
BADFUNC.SETJMP

Use of longjmp
Use of setjmp

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C++5015

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

MISRA.STDLIB.LONGJMP

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

43 S

Fully implemented

Parasoft C/C++test

9.5MISRA2012-RULE-21_4_{a,b}, JSF-020

PRQA QA-C++

Include PagePRQA QA-C++_VPRQA QA-C++_V

Secondary analysis

Include Page

	Parasoft_V
	Parasoft_V

CERT_CPP-ERR52-a
CERT_CPP-ERR52-b

The facilities provided by <setjmp.h> should not be used
The standard header files <setjmp.h> or <csetjmp> shall not be used

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C++: ERR52-CPP

Checks for use of setjmp/longjmp (rule fully covered)

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

include-setjmp

Fully checked

SonarQube C/C++ Plugin

Include Page

	SonarQube C/C++ Plugin_V
	SonarQube C/C++ Plugin_V

S982

Related Vulnerabilities

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[Henricson

97

1997]	Rule 13.3, Do not use `setjmp()` and `longjmp()`
[ISO/IEC 14882-2014]	Subclause 18.10, "Other Runtime Support"

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 56

New Version Current

Key

Automated Detection

Related Vulnerabilities

Bibliography