...
Noncompliant Code Example (POSIX)
In the following this noncompliant code example, fmemopen() and open_memstream() are assumed to succeed. However, if the calls fail, the two file pointers in and out will be null and the program will have undefined behavior.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]) {
FILE *out;
FILE *in;
size_t size;
char *ptr;
if (argc != 2) {
/* Handle error */
}
in = fmemopen(argv[1], strlen(argv[1]), "r");
/* Use in */
out = open_memstream(&ptr, &size);
/* Use out */
return 0;
} |
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]) {
FILE *out;
FILE *in;
size_t size;
char *ptr;
if (argc != 2) {
/* Handle error */
}
in = fmemopen(argv[1], strlen(argv[1]), "r");
if (in == NULL){
/* Handle error */
}
/* Use in */
out = open_memstream(&ptr, &size);
if (out == NULL){
/* Handle error */
}
/* Use out */
return 0;
} |
Exceptions
ERR33-EX1: The exception from EXP12-C. Do not ignore values returned by functions still applies. If the return value is inconsequential or if any errors can be safely ignored, such as for functions called because of their side effects, the function should be explicitly cast to void to signify programmer intent.
...
Related Vulnerabilities
The vulnerability in Adobe Flash [VU#159523] arises because Flash neglects to check the return value from calloc(). Even when calloc() returns NULL, Flash writes to an offset from the return value. Dereferencing NULL usually results in a program crash, but dereferencing an offset from NULL allows an exploit to succeed without crashing the program.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...