...
Assertions should never be used to verify the absence of runtime (as opposed to logic) errors, such as
- Invalid user input (including command-line arguments and environment variables)
- File errors (for example, errors opening, reading or writing files)
- Network errors (including network protocol errors)
- Out-of-memory conditions (for example, `malloc()` or similar failures)
- System resource exhaustion (for example, out-of-file descriptors, processes, threads)
- System call errors (for example, errors executing files, locking or unlocking mutexes)
- Invalid permissions (for example, file, memory, user)
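
The following added example (not part of the original page) applies the rule to two items from the list, invalid user input and file errors: assertions guard only caller-side logic preconditions, while runtime conditions are checked with code that survives an `NDEBUG` build. The names `parse_port`, `count_bytes` and the `ERR_*` codes are hypothetical.

```c
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed error codes for this example. */
enum { ERR_EMPTY = -1, ERR_NOT_NUMBER = -2, ERR_RANGE = -3, ERR_FILE = -4 };

/* Hypothetical helper: parse a TCP port from user-controlled text
 * (command-line argument or environment variable).
 * Returns 1..65535 on success or a negative ERR_* code. */
int parse_port(const char *text) {
    char *end;
    long value;

    /* Logic precondition: a NULL here is a bug in the caller, so an
     * assertion is the right tool. */
    assert(text != NULL);

    /* Runtime conditions: checked with ordinary code, which stays in
     * place when NDEBUG compiles the assertions out. */
    if (*text == '\0')
        return ERR_EMPTY;
    errno = 0;
    value = strtol(text, &end, 10);
    if (end == text || *end != '\0')
        return ERR_NOT_NUMBER;
    if (errno == ERANGE || value < 1 || value > 65535)
        return ERR_RANGE;
    return (int)value;
}

/* Hypothetical helper: count the bytes in a file.
 * Returns the size or ERR_FILE on any open, read or close error. */
long count_bytes(const char *path) {
    FILE *fp;
    long n = 0;

    assert(path != NULL);          /* logic error if violated */
    fp = fopen(path, "rb");
    if (fp == NULL)                /* file error: report it, never assert */
        return ERR_FILE;
    while (fgetc(fp) != EOF)
        n++;
    if (ferror(fp)) {
        fclose(fp);
        return ERR_FILE;
    }
    return fclose(fp) == 0 ? n : ERR_FILE;
}
```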
...
This compliant solution demonstrates how to detect and handle possible memory exhaustion:
```c
#include <stdlib.h>
#include <string.h>

char *dupstring(const char *str) {
  size_t len;
  char *dup;

  len = strlen(str);
  dup = (char *)malloc(len + 1);
  /* Detect and handle memory allocation error */
  if (NULL == dup) {
    return NULL;
  }

  /* Copy the string including its terminating null character */
  memcpy(dup, str, len + 1);
  return dup;
}
```
...
| Tool | Version | Checker | Description |
|---|---|---|---|
| | | ASSERT_SIDE_EFFECT | Can detect the specific instance where an assertion contains an operation or function call that may have a side effect. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...