C & C++

Made by DeepSource

Empty exception handler block CXX-S1021

Security
Major
cwe-390

A catch block is where a program handles an error or exception raised during execution, or at least performs the cleanup that the failure requires. A catch block with no body does neither: the exception is caught and silently discarded, and execution continues as though the failing operation had succeeded. The problem is not that the exception goes unhandled and terminates the program; it is that the program keeps running on state the failed operation never established, which makes it unreliable and can cause it to misbehave or crash later, far from the original fault. This is especially problematic if the relevant code is reachable by an attacker, who may be able to trigger the exception deliberately.

For instance, an attacker could use an ignored error condition to put the system into an unexpected state, which could lead to the execution of unintended code or to other unintended behaviour.

Bad practice

try {
  // ...
}
catch (MyExcept &) { /* empty */ }

Recommended

#include <cassert>

try {
  // ...
}
catch (MyExcept &) {
  // Handle the failure here: log it, release resources, and either
  // recover or propagate the error (for example by rethrowing).
  // Note that assert() is compiled out when NDEBUG is defined, so a
  // release build needs real handling, not only the assertion below.
  assert(false);
}
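The following is an added example, not code from DeepSource or from the rule text above, showing why a swallowed exception is a security problem rather than just a reliability one. It assumes a hypothetical deny-list format (one absolute path per line) and uses invented function names. The parser throws on malformed input; the version with the empty catch block returns an empty deny list on a corrupt file, so every path is permitted (the system fails open), while the recommended version reports the failure and forces the caller to fail closed.

```cpp
#include <iostream>
#include <optional>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical deny-list format used for this example: one absolute path
// per line. Any line that does not start with '/' is a parse error.
std::vector<std::string> parseDenyList(const std::string& text) {
    std::vector<std::string> entries;
    auto add = [&](const std::string& line) {
        if (line.empty() || line[0] != '/')
            throw std::invalid_argument("malformed deny-list entry: '" + line + "'");
        entries.push_back(line);
    };
    std::string line;
    for (char c : text) {
        if (c == '\n') { add(line); line.clear(); } else { line += c; }
    }
    if (!line.empty()) add(line);  // final line without a trailing newline
    return entries;
}

// Exact-match lookup; a real implementation would normalise the path first.
bool isBlocked(const std::vector<std::string>& denied, const std::string& path) {
    for (const auto& d : denied) if (path == d) return true;
    return false;
}

// Bad practice (CXX-S1021): the parse error is swallowed, the function
// returns an empty deny list, and the caller cannot distinguish a corrupt
// file from a legitimately empty one. Every path is now permitted.
std::vector<std::string> loadDenyListSwallow(const std::string& text) {
    std::vector<std::string> denied;
    try {
        denied = parseDenyList(text);
    } catch (const std::invalid_argument&) { /* empty */ }
    return denied;
}

// Recommended: the handler records the failure and converts it into a
// value the caller is forced to check (std::nullopt means "no policy").
std::optional<std::vector<std::string>> loadDenyListChecked(const std::string& text) {
    try {
        return parseDenyList(text);
    } catch (const std::invalid_argument& e) {
        std::cerr << "deny-list rejected: " << e.what() << '\n';
        return std::nullopt;
    }
}

// Fail-closed decision: without a valid policy, nothing is permitted.
bool accessPermitted(const std::optional<std::vector<std::string>>& policy,
                     const std::string& path) {
    if (!policy) return false;
    return !isBlocked(*policy, path);
}

int main() {
    // Constructed input: a deny list with one corrupt line.
    const std::string corrupt = "/etc/shadow\nnot-a-path\n";

    std::cout << "swallowed error, /etc/shadow blocked: "
              << isBlocked(loadDenyListSwallow(corrupt), "/etc/shadow") << '\n';   // 0: fails open
    std::cout << "checked error,   /etc/shadow allowed: "
              << accessPermitted(loadDenyListChecked(corrupt), "/etc/shadow") << '\n';  // 0: fails closed
    return 0;
}
```

The point of the example is the contrast between the two loaders on the same corrupt input: the empty catch block does not crash the program, it quietly degrades a deny list to "deny nothing", which is exactly the unexpected state the rule text warns about. Whether the handler rethrows, returns an error value, or aborts is a design choice; what it must not do is return as if the operation had succeeded.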
