...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <errno.h> #include <stdio.h> #include <string.h> void f(FILE *fp) { fpos_t pos; errno = 0; if (0 != fgetpos(fp, &pos) { char * errmsg = strerror(errno); printf("Could not get the file position because of %s\n", errmsg); } } |
Note that this code first sets errno to 0 to comply with ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure.
Compliant Solution (
...
Annex K, strerror_s())
This compliant solution uses the strerror_s() function from Annex K of the C Standard, which has the same functionality as strerror() but guarantees thread-safety.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#define __STDC_WANT_LIB_EXT1__ 1 #include <errno.h> #include <stdio.h> #include <string.h> void f(FILE *fp) { fpos_t pos; errno = 0; if (0 != fgetpos(fp, &pos) { char errmsg[BUFSIZ]; if (strerror_s(errmsg, BUFSIZ, errerrno) != 0) { /* handleHandle error */ } printf("Could not get the file position because of %s\n", errmsg); } } |
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <errno.h> #include <stdio.h> #include <string.h> void f(FILE *fp) { fpos_t pos; errno = 0; if (0 != fgetpos(fp, &pos) { char errmsg[BUFSIZ]; if (strerror_r(errno, errmsg, BUFSIZ) != 0) { /* handleHandle error */ } printf("Could not get the file position because of %s\n", errmsg); } } |
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
CON33-C | medium | probable | high | P4 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
Compass/ROSE |
|
| A module written in Compass/ROSE can detect violations of this rule |
...