...
The following table summarizes the exit behavior of the program termination functions.
Function | Closes | Flushes | Removes | Calls | Program |
|---|---|---|---|---|---|
|
| ||||
|
| ||||
| |||||
Return from |
Table legend:
– Yes. The specified action is performed.
– No. The specified action is not performed.
– Implementation-defined. Whether the specified action is performed depends on the implementation.
...
As an example, using abort() or _Exit() in place of exit() may leave written files in an inconsistent state and may also leave sensitive temporary files on the file system.
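The difference described above, shown as an added example that is not part of the original CERT text. It assumes a POSIX system (`fork`, `mkstemp`), and the names `run_case`, `cleanup` and the `/tmp/err04_*` file names are hypothetical.

```c
/* Added example, not from the CERT page. POSIX assumed (fork, mkstemp). */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

static char data_path[32], tmp_path[32];   /* hypothetical file names */

/* atexit handler: removes the sensitive temporary file. */
static void cleanup(void) { remove(tmp_path); }

/* Runs a child that buffers one record, then ends with exit() or _Exit().
 * Returns bit 0 set if the record reached the file, bit 1 set if the
 * temporary file was left behind, or -1 on setup failure. */
int run_case(int use_Exit) {
    struct stat st;
    int fd1, fd2, status, result = 0;
    strcpy(data_path, "/tmp/err04_data_XXXXXX");
    strcpy(tmp_path, "/tmp/err04_tmp_XXXXXX");
    if ((fd1 = mkstemp(data_path)) < 0) return -1;
    if ((fd2 = mkstemp(tmp_path)) < 0) { close(fd1); remove(data_path); return -1; }
    close(fd1); close(fd2);
    fflush(NULL);                       /* keep parent buffers out of the child */
    pid_t pid = fork();
    if (pid == 0) {
        FILE *out = fopen(data_path, "w");
        if (out == NULL || atexit(cleanup) != 0) _Exit(2);
        fputs("record\n", out);         /* sits in the stdio buffer, not on disk */
        if (use_Exit) _Exit(0);         /* no flush, no atexit handlers (POSIX) */
        exit(0);                        /* flushes streams, runs cleanup() */
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) result = -1;
    else {
        if (stat(data_path, &st) == 0 && st.st_size > 0) result |= 1;
        if (stat(tmp_path, &st) == 0) result |= 2;
    }
    remove(data_path); remove(tmp_path);
    return result;
}

int main(void) {
    printf("exit():  %d\n", run_case(0));
    printf("_Exit(): %d\n", run_case(1));
    return 0;
}
```

With `exit()` the record is written and the temporary file is gone. With `_Exit()` the data file stays empty and the temporary file remains on disk.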
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ERR04-C | Medium | Probable | High | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft C/C++test | | MISRA2004-20_11 | Use of getenv(), abort(), exit() and system() |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID ERR04-CPP. Choose an appropriate termination strategy |
| CERT Oracle Secure Coding Standard for Java | FIO14-J. Perform proper cleanup at program termination |
| ISO/IEC TR 24772:2013 | Termination Strategy [REU] |
| MITRE CWE | CWE-705, Incorrect control flow scoping |
Bibliography
| [IEEE Std 1003.1:2013] | XSH, System Interfaces, exit |
| [ISO/IEC 9899:2011] | Subclause 5.1.2.2.3, "Program Termination"; Subclause 7.22.4, "Communication with the Environment" |
...
...