SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 50

changes.mady.by.user Astha Singhal

Saved on

compared with

New Version 51

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Many functions return useful values whether or not the function has side effects. In most cases, this value is used to signify whether the function successfully completed its task or if some error occurred. (See recommendation ERR02-C. Avoid in-band error indicators.) Other times, the value is the result of some computation and is an integral part of the function's API.

Section 6.8.3 of C99 of the C standard [ISO/IEC 9899:19992011] states that:

The expression in an expression statement is evaluated as a void expression for its side effects.

...

This recommendation encompasses rule MEM32-C. Detect and handle memory allocation errors, recommendation FIO04-C. Detect and handle input and output errors, and rule FIO34-C. Use int to capture the return value of character IO functions.

...

Code Block
bgColor#ffcccc
langc

puts("foo");

However, puts() can fail and return EOF.

...

This compliant solution checks to make sure no output error occurred. (See recommendation FIO04-C. Detect and handle input and output errors.)

Code Block
bgColor#ccccff
langc

if (puts("foo") == EOF) {
  /* Handle error */
}

...

EXP12-EX1: If the return value is inconsequential or if any errors can be safely ignored, such as for functions called because of their side effects, the function should be explicitly cast to void to signify programmer intent. For an example of this exception, see the "compliant solution Compliant Solution (Remove Existing Destination File)" under the section "Portable Behavior" section in recommendation FIO10-C. Take care when using the rename() function.

EXP12-EX2: If a function cannot fail or if the return value cannot signify an error condition, the return value may be ignored. Such functions should be added to a white list whitelist when automatic checkers are used.

Code Block
bgColor#ccccff
langc

strcpy(dst, src);

Risk Assessment

...

Coverity Prevent

CHECKED_RETURN

Finds inconsistencies in how function call return values are handled. Coverity Prevent cannot discover all violations of this recommendation, so further verification is necessary.

Splint

Klocwork

SV.RVT.RETVAL_NOTTESTED

382 S

ECLAIR

ignrtrn

section

Tool

Version

Checker

Description

Section
Include Page
Coverity_V
Coverity_V
Section
Section
Section
Include Page
Splint_V
Splint_V

 

 

section

Compass/ROSE

 

 

 

Section
Include Page
Klocwork_V
Klocwork_V
Section

 

section

LDRA tool suite

Include Page
LDRA_V
LDRA_V
Section
Section

Fully

Implemented

implemented.

Section
Include Page
ECLAIR_V
ECLAIR_V
Section

Fully

Implemented

implemented.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

The CERT Oracle Secure Coding Standard for Java: EXP00-J. Do not ignore values returned by methods

ISO/IEC 9899:19992011 Section 6.8.3, "Expression and null statements"

ISO/IEC TR 24772 "CSJ Passing Parameters parameters and Return Valuesreturn values"

MITRE CWE: CWE-754, "Improper Check check for Unusual unusual or Exceptional Conditionsexceptional conditions"

Bibliography

...