An exception handling catch block is used to catch and handle errors or exceptions that may occur during the execution of a program.
When the catch block does not contain any code to handle the exception or execute any necessary cleanup, this can lead to problems. In particular, it can make the program unreliable, as an unhandled exception may cause the program to crash or behave unpredictably. This is especially problematic if the relevant code is reachable by an attacker, as they may be able to trigger the exception deliberately and cause the program to fail.
For instance, an attacker could use an ignored error condition to place the system in an unexpected state, which could lead to the execution of unintended code and produce other unintended behavior.
    try {
        // ...
    }
    catch (MyExcept &) { /* empty */ }

    try {
        // ...
    }
    catch (MyExcept &) {
        // we do something here.
        assert(false);
    }
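The "unexpected state" described above, shown as an added example that is not part of the original page: an empty handler returns a half-updated object, while a handler that resets it fails closed. `Session`, `apply_token`, the token format and this definition of `MyExcept` are assumptions made for illustration.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical exception type standing in for the page's MyExcept.
struct MyExcept : std::runtime_error {
    using std::runtime_error::runtime_error;
};

struct Session {
    bool authenticated = false;
    std::string role = "none";
};

// Constructed token format "<role>:<name>"; a token without ':' throws.
// The flag is set before validation finishes, so a throw leaves partial state.
void apply_token(Session &s, const std::string &token) {
    s.authenticated = true;
    const auto sep = token.find(':');
    if (sep == std::string::npos) throw MyExcept("malformed token");
    s.role = token.substr(0, sep);
}

// Empty handler: the failure is discarded and the half-updated session is returned.
Session login_ignoring_errors(const std::string &token) {
    Session s;
    try {
        apply_token(s, token);
    } catch (MyExcept &) { /* empty */ }
    return s;
}

// Handler that fails closed: log the error and reset the session to a known state.
Session login_fail_closed(const std::string &token) {
    Session s;
    try {
        apply_token(s, token);
    } catch (const MyExcept &e) {
        std::cerr << "login rejected: " << e.what() << '\n';
        s = Session{};
    }
    return s;
}

int main() {
    const std::string bad = "garbage";  // constructed malformed input
    std::cout << login_ignoring_errors(bad).authenticated << ' '
              << login_fail_closed(bad).authenticated << '\n';  // prints "1 0"
}
```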