The vulnerability as described in ISO/IEC TR 24772-1:2019 clause 6.31 exists in C++.
It is as easy to write structured programs in C++ as it is not to. C++ contains the goto statement, which can create unstructured code. It also has continue, break, and return, which can create a complicated control flow when used in an undisciplined manner. Spaghetti code can be more difficult for static analyzers to analyze and is sometimes used intentionally to obfuscate the functionality of software. Code that has been modified multiple times by an assortment of programmers to add or remove functionality or to fix problems is prone to becoming unstructured.
Because unstructured code can cause problems for analyzers of code, both automated and human, problems with the code may not be detected as readily, or at all, as would be the case if the software were written in a structured manner.
In C++, the break and continue operations only act on the innermost loop. At times, escape from nested loops is required. In such cases, the use of goto may be simpler and easier to verify than a series of tests with break and/or continue operations.
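The following C++ example is added here for illustration and is not taken from ISO/IEC TR 24772 or the C++ Core Guidelines. It shows the same nested-loop search written with break plus a flag and with a single forward goto; all names (Grid, Pos, find_with_flags, find_with_goto, kSample) and the sample data are constructed for this example.

```cpp
#include <array>
#include <cstddef>

constexpr std::size_t kRows = 3, kCols = 4;
using Grid = std::array<std::array<int, kCols>, kRows>;
struct Pos { bool found; std::size_t row, col; };

// Variant 1: break only. break leaves just the inner loop, so a flag must be
// set and tested again in the outer loop. Omitting the second test is a
// silent bug: the search continues and a later match overwrites the result.
Pos find_with_flags(const Grid& g, int target) {
    Pos hit{false, 0, 0};
    bool done = false;
    for (std::size_t r = 0; r < kRows; ++r) {
        for (std::size_t c = 0; c < kCols; ++c) {
            if (g[r][c] == target) {
                hit = Pos{true, r, c};
                done = true;
                break;            // exits the inner loop only
            }
        }
        if (done) break;          // second test needed for the outer loop
    }
    return hit;
}

// Variant 2: one forward goto to a label placed directly after the loops.
Pos find_with_goto(const Grid& g, int target) {
    Pos hit{false, 0, 0};
    for (std::size_t r = 0; r < kRows; ++r) {
        for (std::size_t c = 0; c < kCols; ++c) {
            if (g[r][c] == target) {
                hit = Pos{true, r, c};
                goto found;       // leaves both loops in one step
            }
        }
    }
found:
    return hit;
}

// Constructed sample data: the value 7 appears twice, so an escape that
// fails to leave the outer loop would report (2,0) instead of (0,2).
const Grid kSample = {{{1, 2, 7, 4}, {5, 6, 8, 9}, {7, 0, 3, 2}}};

int main() {
    Pos a = find_with_flags(kSample, 7), b = find_with_goto(kSample, 7);
    return (a.found && b.found && a.row == b.row && a.col == b.col) ? 0 : 1;
}
```

The goto variant has one exit path to review, while the flag variant is correct only if both tests are present and kept in step during later maintenance.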
The setjmp macro saves the current execution context into a variable, which can be used later to return to that context using a longjmp call. These calls originated from the C standard library to mimic goto across the call stack. They do not support the relevant additions to C++ such as destructors for automatic objects, exceptions, and concurrency, and hence are incompatible with modern C++ programming.
A coroutine is a function that can suspend execution for later resumption (optional).
To avoid the vulnerability or mitigate its ill effects, C++ software developers can:
Use the avoidance mechanisms of ISO/IEC 24772-1 clause 6.31.5.
Write clear and concise structured code to make code as understandable as possible.
Avoid the use of setjmp and longjmp.
Consider the use of coroutines as an alternative to goto and setjmp/longjmp.
See also the C++ Core Guidelines ES.76, ES.77, SL.C.1.