The C language facilities setjmp() and longjmp() can be used as a crude simulation of throwing and catching exceptions, but they are very low-level facilities, and using them can bypass proper resource management and the calling of destructors.
The C++ Standard ISO/IEC 14882-2003, section 18.7, paragraph 4, says:
The function signature longjmp(jmp_buf jbuf, int val) has more restricted behavior in this International Standard. A setjmp/longjmp call pair has undefined behavior if replacing the setjmp and longjmp by catch and throw would destroy any automatic objects.
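The following added example (not code from the original page or from the standard) contrasts a setjmp()/longjmp() error path with the equivalent throw/catch path and counts how many resources remain held afterwards. Guard, live_guards and the function names are hypothetical; the longjmp() variant has undefined behavior, so the count it reports depends on the implementation.

```cpp
#include <csetjmp>
#include <cstdio>
#include <stdexcept>

// Hypothetical names throughout; Guard stands in for a lock, handle or buffer.
static int live_guards = 0;           // number of resources currently held

struct Guard {
    Guard()  { ++live_guards; }       // acquire
    ~Guard() { --live_guards; }       // release
};

static std::jmp_buf env;

static void fail_with_longjmp() {
    Guard g;                          // automatic object with a destructor
    std::longjmp(env, 1);             // undefined behavior: a throw here would destroy g
}

static void fail_with_throw() {
    Guard g;
    throw std::runtime_error("operation failed");  // stack unwinding runs ~Guard()
}

// Noncompliant: reports how many Guards are still held after the error path.
int leaked_after_longjmp() {
    live_guards = 0;
    if (setjmp(env) == 0)
        fail_with_longjmp();          // control returns through setjmp(), not a return
    return live_guards;
}

// Compliant: same error path expressed with an exception.
int leaked_after_throw() {
    live_guards = 0;
    try {
        fail_with_throw();
    } catch (const std::runtime_error&) {
        // error handled; g has already been destroyed
    }
    return live_guards;
}

int main() {
    std::printf("throw/catch leaked: %d\n", leaked_after_throw());
    std::printf("longjmp leaked:     %d (undefined behavior)\n", leaked_after_longjmp());
    return 0;
}
```

On implementations where longjmp() does not unwind the stack, the second count is nonzero, and a resource leaked on every failed operation is how repeated errors can exhaust a process.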
Using setjmp() and longjmp() could lead to a denial-of-service attack.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| RES39-C | 1 (low) | 2 (probable) | 2 (medium) | P4 | L3 |
[ISO/IEC 14882-2003] Section 18.7
[Henricson 97] Rule 13.3 Do not use setjmp() and longjmp().