...
Code Block | ||||
---|---|---|---|---|
| ||||
#include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { FILE *out; FILE *in; size_t size; char *ptr; if (argc != 2) { /* Handle error */ } in = fmemopen(argv[1], strlen(argv[1]), "r"); if (in == NULL){ /* Handle error */ } /* Use in */ out = open_memstream(&ptr, &size); if (out == NULL){ /* Handle error */ } /* Use out */ return 0; } |
Exceptions
POS54-C-EX1EX2: The exception from EXP12ERR33-C. Do not ignore values returned by functions still applies. If the return value is inconsequential or if any errors can be safely ignored, such as for functions called because of their side effects, the function should be explicitly cast to void
to signify programmer intent.
POS54-C-EX2: Ignore the return value of a function that cannot fail or whose return value cannot signify that an error condition need not be diagnosed. For example, strcpy()
is one such function.
Return values from the following functions do not need to be checked because their historical use has overwhelmingly omitted error checking, and the consequences are not relevant to security.
...
Function
...
Successful Return
...
Error Return
...
printf()
...
Number of characters (nonnegative)
...
Negative
...
putchar()
...
Character written
...
EOF
...
puts()
...
Nonnegative
...
EOF
(negative)
...
putwchar()
...
Wide character written
...
WEOF
...
vprintf()
...
Number of characters (nonnegative)
...
Negative
...
vwprintf()
...
Number of wide characters (nonnegative)
...
Negative
...
wprintf()
...
Number of wide characters (nonnegative)
...
Detect and handle standard library errors (that is ERR33-C-EX1) applies to this rule. See that exception for more information.
Risk Assessment
Failing to detect error conditions can lead to unpredictable results, including abnormal program termination and denial-of-service attacks or, in some situations, could even allow an attacker to run arbitrary code.
...