...
In general, you should detect errors by checking return values, and use errno only to distinguish among the various causes of an error, such as "File not found" or "Permission denied". (Typically, you use perror or strerror to print these discriminating error messages.) It's only necessary to detect errors with errno when a function does not have a unique, unambiguous, out-of-band error return (i.e. because all of its possible return values are valid; one example is atoi). In these cases (and in these cases only; check the documentation to be sure whether a function allows this), you can detect errors by setting errno to 0, calling the function, then testing errno. (Setting errno to 0 first is important, as no library function ever does that for you.)

To make error messages useful, they should include all relevant information. Besides the strerror text derived from errno, it may also be appropriate to print the name of the program, the operation which failed (preferably in terms which will be meaningful to the user), the name of the file for which the operation failed, and, if some input file (script or source file) is being read, the name and current line number of that file.
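The following is an added example, not code from the original page. It applies both paragraphs above to strtol, which documents ERANGE in errno on overflow while LONG_MAX and LONG_MIN remain valid results. The helper name parse_long, the program name "demo" and the file name "limits.conf" are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the page): convert one line of an input file.
 * Returns 0 on success, -1 on failure; on failure msg names the program,
 * the input file, the line number, the failed operation and the cause. */
int parse_long(const char *prog, const char *file, int lineno,
               const char *text, long *out, char *msg, size_t msglen)
{
    char *end;
    long v;

    errno = 0;                 /* no library function resets errno for us */
    v = strtol(text, &end, 10);
    if (errno == ERANGE) {     /* LONG_MAX and LONG_MIN are valid results, so only errno can tell */
        snprintf(msg, msglen, "%s: %s:%d: cannot convert \"%s\": %s",
                 prog, file, lineno, text, strerror(errno));
        return -1;
    }
    if (end == text || *end != '\0') {  /* syntax errors are reported via end, not errno */
        snprintf(msg, msglen, "%s: %s:%d: \"%s\" is not a decimal integer",
                 prog, file, lineno, text);
        return -1;
    }
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed sample input standing in for lines read from "limits.conf". */
    const char *lines[] = { "4096", "99999999999999999999999999", "12abc" };
    char msg[256];
    long v;

    for (int i = 0; i < 3; i++) {
        if (parse_long("demo", "limits.conf", i + 1, lines[i], &v, msg, sizeof msg) == 0)
            printf("line %d: %ld\n", i + 1, v);
        else
            fprintf(stderr, "%s\n", msg);
    }
    return 0;
}
```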
...
This example also applies to rule FIO32-C. Detect and handle file operation errors.
...
Risk Analysis
Failing to detect error conditions can result in unexpected program behavior and possibly abnormal program termination, resulting in a denial-of-service condition.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ERR002-C | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.