CWE-674: Uncontrolled Recursion

Description

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Submission Date :

April 11, 2008, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Example Vulnerable Codes

Example - 1

In this example a mistake exists in the code where the exit condition contained in flg is never called. This results in the function calling itself over and over again until the stack is exhausted.



... // Do some real work here, but the value of flg is unmodifiedif (flg) { do_something_recursive (flg); }    // flg is never modified so it is always TRUE - this call will continue until the stack explodes
void do_something_recursive (int flg){}int flag = 1; // Set to TRUEdo_something_recursive (flag);

Note that the only difference between the Good and Bad examples is that the recursion flag will change value and cause the recursive call to return.



... // Do some real work here// Modify value of flg on done conditionif (flg) { do_something_recursive (flg); }    // returns when flg changes to 0
void do_something_recursive (int flg){}int flag = 1; // Set to TRUEdo_something_recursive (flag);

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Go to

CWE-834: Excessive Iteration

Go to

Visit http://cwe.mitre.org/ for more details.