Comment: update parasoft

...

The following table summarizes the characteristics of error-reporting and error-detection mechanisms.

| Method | Code Increase | Manages Allocated Resources | Automatically Enforceable |
|---|---|---|---|
| Return value | Big (30–40%) | No | Yes |
| Address argument | Bigger | No | No |
| Global indicator | Medium | No | Yes |
| longjmp() | Small | No | n/a |
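
The four mechanisms in the table, shown side by side as an added example that is not part of the original page. A hypothetical port-parsing library routine (`parse_port` and every `port_*` name are assumptions) detects the error once and reports it four ways, leaving the handling policy to the caller.

```c
#include <errno.h>
#include <setjmp.h>
#include <stdlib.h>

/* Shared detection step (hypothetical helper): 0 on success, -1 on bad input.
 * It only detects the error; it never calls abort(), exit() or _Exit(). */
static int parse_port(const char *s, unsigned *out) {
    char *end;
    unsigned long v;
    if (s == NULL || *s < '0' || *s > '9') return -1;  /* no sign, no blanks */
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v == 0 || v > 65535UL) return -1;
    *out = (unsigned)v;
    return 0;
}

/* 1. Return value: the status is returned, the result goes out by pointer. */
int port_by_return(const char *s, unsigned *out) { return parse_port(s, out); }

/* 2. Address argument: the result is returned, the status goes out by pointer. */
unsigned port_by_address(const char *s, int *err) {
    unsigned p = 0;
    *err = parse_port(s, &p);
    return p;
}

/* 3. Global indicator: the caller clears port_error first and reads it after. */
int port_error;
unsigned port_by_global(const char *s) {
    unsigned p = 0;
    if (parse_port(s, &p) != 0) port_error = 1;
    return p;
}

/* 4. longjmp(): control jumps to the handler the caller set up with setjmp(). */
jmp_buf port_handler;
unsigned port_by_longjmp(const char *s) {
    unsigned p = 0;
    if (parse_port(s, &p) != 0) longjmp(port_handler, 1);
    return p;
}

/* Caller side of mechanism 4: the application, not the library, picks the policy. */
unsigned port_or_default(const char *s, unsigned fallback) {
    if (setjmp(port_handler) != 0) return fallback;
    return port_by_longjmp(s);
}
```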

Risk Assessment

Lack of an error-detection mechanism prevents applications from knowing when an error has disrupted normal program behavior.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ERR05-C | Medium | Probable | High | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE | | | Could detect violations of this rule merely by reporting functions that call abort(), exit(), or _Exit() inside an if or switch statement. This would also catch many false positives, as ROSE could not distinguish a library function from an application function. |
| Parasoft C/C++test | | MISRA2012-RULE-21_8, MISRA2004-20_11 | Use of getenv(), abort(), exit() and system() |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

...


...