AD5030: EnableExceptionHandlingMachO
Summary
| Property | Value |
|---|---|
| ID | AD5030 |
| Name | EnableExceptionHandlingMachO |
| Category | Security |
| Severity | Warning |
| Applies to | Mach-O (macOS, iOS) |
Description
Mach-O binaries should have proper exception handling enabled to ensure clean program termination and prevent undefined behavior on errors.
How It Works
The rule checks for exception handling infrastructure:
- `__eh_frame` section presence
- `__unwind_info` section
- Exception handling symbols
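A sketch of the section part of this check, added here as an example and not the rule's own implementation: it walks the load commands of a thin little-endian 64-bit Mach-O and reports whether `__TEXT` carries each of the two sections. The function names and the constructed sample binary are assumptions, and the symbol check is not covered.

```python
import struct
MH_MAGIC_64 = 0xFEEDFACF   # thin, little-endian, 64-bit Mach-O
LC_SEGMENT_64 = 0x19
UNWIND_SECTIONS = ("__eh_frame", "__unwind_info")

def _name(raw):
    # 16-byte fields: NUL-padded, but not NUL-terminated when all 16 are used.
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def text_sections(data):
    """Return the section names found in __TEXT, bounds-checking every offset."""
    if len(data) < 32 or struct.unpack_from("<I", data)[0] != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O")
    ncmds, sizeofcmds = struct.unpack_from("<2I", data, 16)
    end = 32 + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    names, off = set(), 32
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command header out of bounds")
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == LC_SEGMENT_64:
            if cmdsize < 72:
                raise ValueError("short segment_command_64")
            nsects = struct.unpack_from("<I", data, off + 64)[0]
            if 72 + 80 * nsects > cmdsize:
                raise ValueError("section table exceeds its load command")
            for i in range(nsects):
                sect, seg = struct.unpack_from("<16s16s", data, off + 72 + 80 * i)
                if _name(seg) == "__TEXT":
                    names.add(_name(sect))
        off += cmdsize
    return names

def unwind_report(data):
    """Map each unwind section name to whether the binary carries it."""
    present = text_sections(data)
    return {name: name in present for name in UNWIND_SECTIONS}

def build_sample(sect_names):
    """Constructed input: a header plus one __TEXT segment with empty sections."""
    sects = b"".join(struct.pack("<16s16s2Q8I", n.encode(), b"__TEXT", *[0] * 10)
                     for n in sect_names)
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 72 + len(sects), b"__TEXT",
                      0, 0, 0, 0, 7, 5, len(sect_names), 0) + sects
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(seg), 0, 0) + seg
```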
Why This Matters
Proper exception handling ensures that errors are caught and handled correctly, preventing undefined behavior that could be exploited.
Exception Handling on Apple Platforms
| Component | Purpose |
|---|---|
| `__eh_frame` | DWARF-based unwinding |
| `__unwind_info` | Compact unwind tables |
| `__cxa_throw` | C++ exception throwing |
| `__cxa_begin_catch` | Exception catching |
Security Implications
| Issue | Risk |
|---|---|
| Missing unwind info | Stack corruption on throw |
| Catch-all without rethrow | Masked security exceptions |
| `noexcept` violations | `std::terminate` |
C++ Exception Safety
```cpp
// Good: Proper exception handling
try {
    risky_operation();
} catch (const std::exception& e) {
    log_error(e);
    cleanup();
    throw; // Re-throw after cleanup
}

// Bad: Swallowing exceptions
try {
    risky_operation();
} catch (...) {
    // Exception silently ignored!
}
```
Objective-C Exceptions
```objc
@try {
    [object riskyMethod];
} @catch (NSException* e) {
    NSLog(@"Exception: %@", e);
    @throw; // Re-throw
}
```
Resolution
Ensure exception handling is enabled:
```bash
# Enable exceptions (usually default)
clang++ -fexceptions program.cpp
# Do NOT disable with -fno-exceptions unless intentional
```