Page History

...

Using setjmp() and longjmp() could lead to a denial-of-service attack due to resources not being properly destroyed.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
ERR52-CPP	Low	Probable	Medium	P4	L3

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

include-setjmp

Fully checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC++-ERR52

Clang

Include Page

	Clang_38_V
	Clang_38_V

cert-err52-cpp

Checked by clang-tidy.

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

BADFUNC.LONGJMP
BADFUNC.SETJMP

Use of longjmp
Use of setjmp

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C++5015

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

MISRA.STDLIB.LONGJMP

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

43 S

Fully implemented

Parasoft C/C++test

Include Page

cplusplus:

	Parasoft_V

cplusplus:

	Parasoft_V

MISRA2012

CERT_CPP-

RULE

ERR52-

21_4_{a,b}, JSF-020

a
CERT_CPP-ERR52-b

The facilities provided by <setjmp.h> should not be used
The standard header files <setjmp.h> or <csetjmp> shall not be used

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C++: ERR52-CPP

Checks for use of setjmp/longjmp (rule fully covered)

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

include-setjmp

Fully checked

PRQA QA-C++ Include PagePRQA QA-C++_VPRQA QA-C++_V

5015

SonarQube C/C++ Plugin

Include Page

	SonarQube C/C++ Plugin_V
	SonarQube C/C++ Plugin_V

S982

Related Vulnerabilities

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[Henricson 1997]	Rule 13.3, Do not use `setjmp()` and `longjmp()`
[ISO/IEC 14882-2014]	Subclause 18.10, "Other Runtime Support"

...

Space shortcuts

Page tree

Versions Compared

Old Version 65

New Version Current

Key

Automated Detection

Related Vulnerabilities

Bibliography