CWE-248

Uncaught Exception. [Error-Conditions, Insufficient-Control-Flow-Management]

Required inputs: IR, StaticSemanticAnalysis

An exception is thrown from a function, but it is not caught. When an exception is not caught, it may cause the program to crash or expose sensitive information.
Demonstrative Examples
Example 1

The following example attempts to resolve a hostname.

Example Language: Java (unsupported language, for documentation only)
    protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        String ip = req.getRemoteAddr();
        // getByName() throws UnknownHostException when the lookup fails; nothing here catches it
        InetAddress addr = InetAddress.getByName(ip);
        ...
        out.println("hello " + addr.getHostName());
    }

A DNS lookup failure will cause the Servlet to throw an exception that escapes doPost().

Example 2

The _alloca() function allocates memory on the stack. If an allocation request is too large for the available stack space, _alloca() throws an exception. If the exception is not caught, the program will crash, potentially enabling a denial of service attack. _alloca() has been deprecated as of Microsoft Visual Studio 2005(R). It has been replaced with the more secure _alloca_s().

Example 3

EnterCriticalSection() can raise an exception, potentially causing the program to crash. Under operating systems prior to Windows 2000, the EnterCriticalSection() function can raise an exception in low memory situations. If the exception is not caught, the program will crash, potentially enabling a denial of service attack.

Excerpts from CWE [https://cwe.mitre.org], Copyright (C) 2006-2026, the MITRE Corporation. See section 9.4. "3rd-Party Licenses" in the documentation for full details.
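The same pattern as Example 1, written in C++ as an added example (not part of the CWE text or of the rule's own code): a lookup that throws, an entry point that lets the exception escape (what exception_escaping_main reports), and the guarded form that maps every exception to an exit status at the boundary. resolveHost() is a constructed stand-in for a DNS resolver, not a real one.

```cpp
#include <cstdlib>
#include <exception>
#include <stdexcept>
#include <string>

// Constructed stand-in for the DNS lookup in Example 1 (hypothetical helper,
// not a real resolver): succeeds for one known name, throws otherwise.
std::string resolveHost(const std::string& name) {
    if (name == "localhost") return "127.0.0.1";
    throw std::runtime_error("unknown host: " + name);
}

// Unguarded entry point: the exception from resolveHost() escapes, which is
// what exception_escaping_main reports. With no handler on the path from
// main, std::terminate() would end the process.
int unguardedRun(const std::string& host) {
    std::string ip = resolveHost(host);
    return ip.empty() ? EXIT_FAILURE : EXIT_SUCCESS;
}

// Guarded entry point: every exception is caught at the boundary and mapped
// to an exit status, so nothing escapes main and no detail reaches the user.
int guardedRun(const std::string& host) noexcept {
    try {
        std::string ip = resolveHost(host);
        return ip.empty() ? EXIT_FAILURE : EXIT_SUCCESS;
    } catch (const std::exception&) {
        return EXIT_FAILURE;   // log details internally, not to the client
    } catch (...) {
        return EXIT_FAILURE;
    }
}

// atexit handlers are entry points too (inspect_atexit_entry_points); an
// exception escaping one calls std::terminate(), so it gets the same boundary.
void atExitHandler() noexcept {
    try { resolveHost("shutdown.invalid"); } catch (...) { /* nothing above us */ }
}

// Reports whether unguardedRun() really lets the exception reach its caller.
bool unguardedThrows(const std::string& host) {
    try { unguardedRun(host); return false; }
    catch (const std::exception&) { return true; }
}

int main(int argc, char** argv) {
    std::atexit(atExitHandler);
    return guardedRun(argc > 1 ? argv[1] : "localhost");
}
```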

Possible Messages

Key                                Text                                                             Severity  Disabled
exception_escaping_initialization  Uncaught exception raised in initialization or finalization      None      False
exception_escaping_main            Uncaught exception escaping from main or additional entry point  None      False

Options

exclude_exception_base_classes

exclude_exception_base_classes : set[bauhaus.analysis.config.QualifiedName] = set()

Exclude issues for the exception types named in this set of qualified names. Classes derived from those classes, as well as pointers or references to any of these class types, are excluded as well.

generate_violation_path

generate_violation_path : bool = True

Whether to compute a trace for the exception. This improves the usability of the violation description but requires additional computation, which may slow down the rule.

inspect_at_exit_handlers

inspect_at_exit_handlers : bool = True

Whether to also inspect at_exit() handler functions.

inspect_atexit_entry_points

inspect_atexit_entry_points : bool = False

Whether to inspect routines registered via the atexit/std::atexit function.

inspect_thread_main

inspect_thread_main : bool = True

Whether to also inspect thread main functions.

report_at_call

report_at_call : bool = False

If set to True, the error is reported at the call sites of routines throwing exceptions rather than at the throw.

report_only_one_exception_per_function

report_only_one_exception_per_function : bool = False

Report at most one uncaught exception per function. This suppresses further issues at sites where an uncaught exception is thrown, so that the check runs faster. Setting this parameter to True will result in false negatives: real issues may no longer be detected.