Not all exceptions can be caught, even with careful use of function try blocks. The C++ Standard, [except.handle], paragraph 13, states:
Exceptions thrown in destructors of objects with static storage duration or in constructors of namespace scope objects with static storage duration are not caught by a function-try-block on main(). Exceptions thrown in destructors of objects with thread storage duration or in constructors of namespace-scope objects with thread storage duration are not caught by a function-try-block on the initial function of the thread.
When declaring an object with static or thread storage duration, the type's constructor must be declared noexcept(true) and comply with ERR55-CPP, "Honor exception specifications."
For more information on exception specifications of destructors, see DCL58-CPP, "Destructors and deallocation functions must be declared noexcept."
Noncompliant Code Example
In this noncompliant example, the constructor of global may throw an exception during program startup (the std::string constructor accepting a const char * and a default allocator object is not marked noexcept(true) and thus allows all exceptions). This exception is not caught by the function-try-block on main(), resulting in a call to std::terminate() and abnormal program termination.
```cpp
#include <string>

static const std::string global("...");

int main()
try {
  // ...
} catch(...) {
  // IMPORTANT: will not catch exceptions thrown
  // from the constructor of global.
}
```
Compliant Solution
Compliant code must prevent exceptions from escaping during program startup and termination. This compliant solution avoids defining a std::string at global namespace scope, and instead uses a static const char *:
```cpp
static const char *global = "...";

int main() {
  // ...
}
```
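When a type with a throwing constructor is still needed, construct-on-first-use defers the constructor until after main() has started, so the exception reaches a handler. This goes beyond the case shown on this page and is an added example, not part of the original guideline; `Config`, `config()` and `demo()` are hypothetical names.

```cpp
#include <stdexcept>
#include <string>

// Hypothetical type whose constructor may throw, standing in for any
// constructor that is not noexcept(true), such as std::string's.
struct Config {
  static int attempts;  // counts constructor invocations (constant-initialized)
  std::string value;
  explicit Config(bool fail) : value("...") {
    ++attempts;
    if (fail) throw std::runtime_error("config unavailable");
  }
};
int Config::attempts = 0;

// The object still has static storage duration, but it is initialized when
// control first passes through the declaration, not before main() begins.
// An exception from the constructor therefore propagates to the caller.
const Config &config(bool fail) {
  static const Config instance(fail);
  return instance;
}

// Returns true when the first access throws into a reachable handler and a
// later access initializes the object successfully.
bool demo() {
  bool caught = false;
  try {
    config(true);  // constructor throws on first use
  } catch (const std::runtime_error &) {
    caught = true;  // reachable, unlike with a namespace-scope initializer
  }
  // Initialization that exits via an exception is not complete, so it is
  // attempted again the next time control enters the declaration.
  const Config &c = config(false);
  return caught && c.value == "..." && Config::attempts == 2;
}

int main() {
  return demo() ? 0 : 1;
}
```

The object is still destroyed after main() returns, so its destructor must not throw.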
Risk Assessment
Throwing an exception that cannot be caught results in abnormal program termination and can lead to denial-of-service attacks.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ERR41-CPP | Low | Likely | Low | P9 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
| [ISO/IEC 14882-2014] | 15.4, "Exception Specifications" |
| [Sutter 00] | Item 8, "Writing Exception-Safe Code—Part 1" |