logo

Return Inside Finally Block

Draft Base
Structure: Simple
Description

This vulnerability occurs when a function places a return statement inside a finally block. This dangerous pattern silently discards any unhandled exceptions thrown earlier in the try block, making errors invisible and undermining application stability.

Extended Description

A finally block is designed to execute cleanup code regardless of whether an exception occurs in the try or catch blocks. However, if you place a return statement inside finally, it overrides the normal exception propagation. When an exception is thrown in the try block but not caught before finally executes, the return in the finally block takes precedence. The function then exits normally, returning a value and completely discarding the original exception, as if the error never happened. This creates a severe debugging and reliability issue because critical failure signals are lost. Developers are left with no stack trace, log entry, or indication that something went wrong, leading to silent data corruption, incorrect program states, and failures that are extremely difficult to diagnose. To avoid this, ensure return statements are placed in try or catch blocks, not in finally, and handle resource cleanup without altering the control flow for exceptions.
Common Consequences 1
Scope: Other

Impact: Alter Execution Logic
Detection Methods 1
Automated Static AnalysisHigh
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Potential Mitigations 1
Phase: Implementation
Do not use a return statement inside the finally block. The finally block should have "cleanup" code.
Demonstrative Examples 1
In the following code excerpt, the IllegalArgumentException will never be delivered to the caller. The finally block will cause the exception to be discarded.

Code Example:

Bad
Java
java
Modes of Introduction
Implementation
Related Weaknesses
ChildOf: Incorrect Control Flow Scoping (CWE-705)
Taxonomy Mapping
  • The CERT Oracle Secure Coding Standard for Java (2011)
  • The CERT Oracle Secure Coding Standard for Java (2011)
  • Software Fault Patterns