The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.
Time of Introduction
Implementation
Applicable Platforms
Languages
C
C++
Java
.NET
Common Consequences
Scope
Effect
Other
Technical Impact: Varies by context
The code could be left in a bad state.
Likelihood of Exploit
Medium
Demonstrative Examples
Example 1
(Bad Code)
Example Languages: C++ and Java
public class foo {
public static final void main( String args[] ) {
boolean returnValue;
returnValue=doStuff();
}
public static final boolean doStuff( ) {
boolean threadLock;
boolean truthvalue=true;
try {
while(
//check some condition
) {
threadLock=true; //do some stuff to
truthvalue
threadLock=false;
}
}
catch (Exception e){
System.err.println("You did something bad");
if (something) return truthvalue;
}
return truthvalue;
}
}
In this case, you may leave a thread locked accidentally.
Potential Mitigations
Phase: Implementation
If one breaks from a loop or function by throwing an exception, make
sure that cleanup happens or that you should exit the program. Use
throwing exceptions sparsely.
Other Notes
Often, when functions or loops become complicated, some level of cleanup
in the beginning to the end is needed. Often, since exceptions can disturb
the flow of the code, one can leave a code block in a bad state.
Description
