CodeQL documentation

Leaky catch

ID: cpp/catch-missing-free
Kind: problem
Security severity: 
Severity: warning
Precision: high
Tags:
   - efficiency
   - correctness
   - exceptions
   - external/cwe/cwe-401
Query suites:
   - cpp-security-and-quality.qls


Modern C++ code and frameworks should not throw or catch pointers. Older frameworks, such as Microsoft’s MFC, do throw and catch pointers. Said pointers will generally point to an exception object allocated on the heap, and therefore need to be freed when they are caught. Failure to free them will result in a memory leak.

Recommendation

The catch block should be augmented to delete the exception pointer.

Example

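// BAD: the heap-allocated exception object is never freed, so it leaks.
void bad() {
  try {
    /* ... */
  }
  catch(CException* e) {
    e->ReportError();
  }
}

// GOOD: the handler frees the exception object once it has finished with it.
void good() {
  try {
    /* ... */
  }
  catch(CException* e) {
    e->ReportError();
    e->Delete();
  }
}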
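
The following is an added example, not part of the CodeQL documentation or of MFC. It reproduces the leak with a stand-in exception class that counts live objects, and goes one step beyond the page by showing a scope guard for handlers with more than one exit. `DemoException`, `ExceptionDeleter`, `risky` and `leaked_by` are hypothetical names.

```cpp
#include <cstdio>
#include <memory>

// Hypothetical stand-in for an MFC-style heap exception (not CException itself).
struct DemoException {
    static int live;                  // exception objects allocated and not yet freed
    DemoException() { ++live; }
    ~DemoException() { --live; }
    void ReportError() const { std::fputs("error reported\n", stderr); }
    void Delete() { delete this; }    // same convention as e->Delete() above
};
int DemoException::live = 0;

// Lets std::unique_ptr release the object through Delete().
struct ExceptionDeleter { void operator()(DemoException* e) const { e->Delete(); } };

void risky() { throw new DemoException(); }

// Leaky: the handler uses the pointer but never frees it.
void leaky_catch() {
    try { risky(); }
    catch (DemoException* e) { e->ReportError(); }
}

// Fixed as in good(): explicit Delete() at the end of the handler.
void fixed_catch() {
    try { risky(); }
    catch (DemoException* e) { e->ReportError(); e->Delete(); }
}

// Fixed for handlers with more than one exit: the guard frees on every path.
void guarded_catch(bool early_return) {
    try { risky(); }
    catch (DemoException* e) {
        std::unique_ptr<DemoException, ExceptionDeleter> guard(e);
        if (early_return) return;     // guard still calls Delete() here
        guard->ReportError();
    }
}

// Number of exception objects a handler leaves allocated.
template <class F> int leaked_by(F handler) {
    int before = DemoException::live;
    handler();
    return DemoException::live - before;
}

int main() { std::printf("leaky: %d, fixed: %d\n", leaked_by(leaky_catch), leaked_by(fixed_catch)); }
```

A handler that rethrows the same pointer must not free it first; with the guard, call `guard.release()` before rethrowing.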
