CWE-460: Improper Cleanup on Thrown Exception

Description

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Extended Description

Often, when functions or loops become complicated, some level of resource cleanup is needed throughout execution. Exceptions can disturb the flow of the code and prevent the necessary cleanup from happening.

Example Vulnerable Code

Example - 1

The following example demonstrates the weakness.


    public class foo {
        public static final void main( String args[] ) {
            boolean returnValue;
            returnValue=doStuff();
        }

        public static final boolean doStuff( ) {
            boolean threadLock;
            boolean truthvalue=true;
            try {
                while(
                    //check some condition
                ) {
                    threadLock=true; //do some stuff to truthvalue
                    threadLock=false;
                }
            }
            catch (Exception e){
                System.err.println("You did something bad");
                if (something) return truthvalue;
            }
            return truthvalue;
        }
    }

In this case, you may leave a thread locked accidentally.
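The lock leak described above, as an added example that is not part of the original CWE entry: it swaps the threadLock flag for a java.util.concurrent.locks.ReentrantLock so the leaked state can be observed, and shows the weak form beside a try/finally form. The class name, process, doStuffLeaky, doStuffSafe and the sample input are assumptions made for illustration.

```java
import java.util.concurrent.locks.ReentrantLock;

// Added illustration; all names here are hypothetical, not from the CWE entry.
public class CleanupOnException {
    private static final ReentrantLock lock = new ReentrantLock();

    // Stand-in for "do some stuff to truthvalue"; throws on constructed bad input.
    static boolean process(int item) {
        if (item < 0) throw new IllegalArgumentException("bad item " + item);
        return item % 2 == 0;
    }

    // Weak form: an exception skips unlock(), like threadLock staying true.
    static boolean doStuffLeaky(int[] items) {
        boolean truthvalue = true;
        try {
            for (int item : items) {
                lock.lock();
                truthvalue &= process(item);
                lock.unlock(); // never reached when process() throws
            }
        } catch (Exception e) {
            System.err.println("You did something bad");
        }
        return truthvalue;
    }

    // Hardened form: finally releases the lock on every exit path.
    static boolean doStuffSafe(int[] items) {
        boolean truthvalue = true;
        try {
            for (int item : items) {
                lock.lock();
                try {
                    truthvalue &= process(item);
                } finally {
                    lock.unlock();
                }
            }
        } catch (Exception e) {
            System.err.println("You did something bad");
        }
        return truthvalue;
    }

    public static void main(String[] args) {
        int[] items = {2, 4, -1, 6}; // constructed input; -1 triggers the exception
        doStuffSafe(items);
        System.out.println("after safe:  held=" + lock.isHeldByCurrentThread());
        doStuffLeaky(items);
        System.out.println("after leaky: held=" + lock.isHeldByCurrentThread());
    }
}
```

Checking isHeldByCurrentThread() after each call shows whether the cleanup ran: the safe variant leaves the lock released, while the leaky variant returns with the lock still held by the calling thread.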

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships give insight into similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.