The C Language facilities setjmp() and longjmp() can be used as a poor attempt to simulate the throwing and catching of exceptions, but they are very low-level facilities, and using them can bypass proper resource management and the proper calling of destructors.
Non-Compliant Code Example
Compliant Solution
Risk Assessment
Using setjmp() and longjmp() could lead to a denial-of-service attack.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
RES39-C |
1 (low) |
2 (probable) |
2 (medium) |
P4 |
L3 |
References
[[Henricson 97]] Rule 13.3 Do not use setjmp() and longjmp().
RES38-C. Do not leak resources when throwing exceptions 08. Memory Management (MEM) 09. Input Output (FIO)