CWARN.PASSBYVALUE.EXC

Exception object passed by value is too large

The CWARN.PASSBYVALUE.EXC checker finds instances in which an exception object passed by value is too large.

Vulnerability and risk

Passing by value is not necessarily an error, but it can cause a performance loss because of the amount of data copied.

Vulnerable code example

1
2
3
4
5
6
7
8
9
10
11
12
13
14
  struct big_exc {
  char str[111];
  };
  
  void foo() {
    try 
    {
      /*...*/
    } 
   catch(big_exc be) 
   {
     /*...*/
   }
 }

Klocwork flags line 10, in which the exception object 'be' is too large.

Related checkers

• CWARN.PASSBYVALUE.ARG

External guidance

• STIG-ID:APP3120 Application has error handling vulnerabilities