
Leaky catch

ID: cpp/catch-missing-free
Kind: problem
Security severity:
Severity: warning
Precision: high
Tags:
   - efficiency
   - correctness
   - exceptions
   - external/cwe/cwe-401
Query suites:
   - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

Modern C++ code and frameworks should not throw or catch pointers. Older frameworks, such as Microsoft’s MFC, do throw and catch pointers. Said pointers will generally point to an exception object allocated on the heap, and therefore need to be freed when they are caught. Failure to free them will result in a memory leak.

Recommendation

The catch block should be augmented to delete the exception pointer.

Example

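void bad() {
    try {
        /* ... */
    } catch (CException* e) {
        e->ReportError();
        // e is never freed: the heap-allocated exception leaks
    }
}

void good() {
    try {
        /* ... */
    } catch (CException* e) {
        e->ReportError();
        e->Delete();  // frees the heap-allocated exception object
    }
}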
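An added example (not part of the CodeQL documentation) that makes the leak measurable without MFC. `DemoException` is a constructed stand-in for `CException`; its live-object counter and a `Delete()` that behaves as `delete this` are assumptions. It goes slightly beyond the page by also showing the throw-by-value form that modern code should use.

```cpp
#include <cstdio>
#include <string>
#include <utility>

// Constructed stand-in for an MFC-style exception that is thrown by pointer.
// (Hypothetical class; real MFC code would use CException and its Delete().)
class DemoException {
public:
    static int live;  // exception objects currently alive
    explicit DemoException(std::string msg) : msg_(std::move(msg)) { ++live; }
    DemoException(const DemoException& o) : msg_(o.msg_) { ++live; }
    ~DemoException() { --live; }
    const std::string& what() const { return msg_; }
    void Delete() { delete this; }  // assumed to mirror the Delete() idiom
private:
    std::string msg_;
};
int DemoException::live = 0;

static void failing_operation() { throw new DemoException("disk full"); }

// Pattern the query reports: pointer caught, never freed.
int leaky_catch() {
    int before = DemoException::live;
    try { failing_operation(); }
    catch (DemoException* e) { (void)e->what(); }
    return DemoException::live - before;  // objects left allocated
}

// Fixed handler: free the exception once it has been handled.
int freeing_catch() {
    int before = DemoException::live;
    try { failing_operation(); }
    catch (DemoException* e) { (void)e->what(); e->Delete(); }
    return DemoException::live - before;
}

// Modern style: throw by value, catch by const reference; nothing to free.
int value_catch() {
    int before = DemoException::live;
    try { throw DemoException("disk full"); }
    catch (const DemoException& e) { (void)e.what(); }
    return DemoException::live - before;
}

int main() {
    std::printf("leaky=%d freeing=%d by_value=%d\n",
                leaky_catch(), freeing_catch(), value_catch());
}
```

Each call to `leaky_catch()` leaves one more object allocated, which is how a handler on a frequently hit error path turns into steady memory growth.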
