The C language facilities setjmp() and longjmp() can be used as a poor attempt to simulate the throwing and catching of exceptions, but they are very low-level facilities, and using them can bypass proper resource management and the proper calling of destructors.
Non-Compliant Code Example
Compliant Solution
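The contrast this rule describes, shown as an added example that is not code from the original page: the first half signals an error with longjmp() and skips its cleanup, while the second half uses an RAII guard and an exception. The names open_handles, Handle, recovery_point and the parse_*/leaked_* functions are hypothetical, and the counter is a constructed stand-in for a real limited resource.

```cpp
#include <csetjmp>
#include <cstdio>
#include <stdexcept>

// Constructed stand-in for a limited resource (file handle, lock, socket).
static int open_handles = 0;
static std::jmp_buf recovery_point;

// Non-compliant pattern: the error path leaves via longjmp().
static void parse_with_longjmp(bool fail) {
    ++open_handles;                        // acquire
    if (fail)
        std::longjmp(recovery_point, 1);   // control never reaches the release
    --open_handles;                        // release
}

// Handles still open after `calls` failing requests handled with setjmp().
int leaked_after_longjmp(int calls) {
    open_handles = 0;
    for (int i = 0; i < calls; ++i) {
        if (setjmp(recovery_point) == 0)
            parse_with_longjmp(true);
        // An RAII guard inside parse_with_longjmp() would not help: jumping
        // over an object with a non-trivial destructor is undefined behaviour.
    }
    return open_handles;
}

// Compliant pattern: RAII guard plus a C++ exception.
struct Handle {
    Handle()  { ++open_handles; }
    ~Handle() { --open_handles; }          // runs during stack unwinding
};
static void parse_with_exception(bool fail) {
    Handle h;
    if (fail)
        throw std::runtime_error("parse failed");
}
int leaked_after_exception(int calls) {
    open_handles = 0;
    for (int i = 0; i < calls; ++i) {
        try { parse_with_exception(true); }
        catch (const std::runtime_error&) { /* handled; h already destroyed */ }
    }
    return open_handles;
}
int main() {
    std::printf("longjmp leaked %d, exception leaked %d\n", leaked_after_longjmp(3), leaked_after_exception(3));
}
```

Each failing request on the longjmp() path leaves one more handle open, which is how repeated errors can exhaust a resource; the exception path releases every handle.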
Priority: P4 Level: L3
Using setjmp() and longjmp() could lead to a denial-of-service attack.
| Component | Value |
|---|---|
| Severity | 1 (low) |
| Likelihood | 2 (probable) |
| Remediation cost | 2 (medium) |
References
- Henricson 97, Rule 13.3: Do not use setjmp() and longjmp().