...
```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

errno = 0;
printf("This\n");
printf("is\n");
printf("a\n");
printf("test.\n");
/* Noncompliant: errno is checked only after the whole sequence, so a
 * later call may have overwritten the value set by the call that failed. */
if (errno != 0) {
  fprintf(stderr, "printf failed: %s\n", strerror(errno));
}
```
Compliant Solution

This compliant solution uses ferror() to detect an error. In addition, if an early printf() fails, later ones may modify errno, so the program cannot rely on being able to detect the root cause of the first failure if it waits until after a sequence of library calls to check.
```c
#include <errno.h>
#include <stdio.h>

errno = 0;
printf("This\n");
printf("is\n");
printf("a\n");
printf("test.\n");
/* Compliant: the stream's error indicator is sticky, so a failure in any
 * of the printf() calls above is still reported here. */
if (ferror(stdout)) {
  fprintf(stderr, "printf failed\n");
}
```
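The following added example (not part of the CERT page) wraps the compliant pattern in a reusable function and exercises it on a stream that actually fails. It assumes a POSIX system where /dev/null exists; opening it read-only and writing to the resulting stream sets the stream's error indicator.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Write each string in `lines` as its own line to `out`, then report
 * success or failure from the stream's error indicator, as ERR01 advises.
 * Returns 0 on success and -1 if ferror(out) is set after the writes.
 * Individual fprintf() return values are deliberately not inspected: the
 * error indicator is sticky, so one failed write anywhere in the sequence
 * is still visible at the end, whatever later calls did to errno. */
int write_lines(FILE *out, const char *const *lines, size_t n) {
  clearerr(out);                 /* report only errors from this sequence */
  for (size_t i = 0; i < n; i++) {
    fprintf(out, "%s\n", lines[i]);
  }
  /* Buffered data may not reach the OS until flushed; flush before checking
   * so that an error surfaced by the flush (e.g. a full disk) is included. */
  fflush(out);
  return ferror(out) ? -1 : 0;
}

/* Stand-alone demonstration (hypothetical driver). The failing case opens
 * /dev/null read-only; writing to a read-only stream sets the stream's
 * error indicator, which ferror() then reports. */
int main(void) {
  const char *lines[] = { "This", "is", "a", "test." };
  size_t n = sizeof lines / sizeof lines[0];

  if (write_lines(stdout, lines, n) != 0) {
    fprintf(stderr, "writing to stdout failed\n");
  }

  FILE *ro = fopen("/dev/null", "r");
  if (ro == NULL) {
    fprintf(stderr, "fopen failed: %s\n", strerror(errno));
    return 1;
  }
  if (write_lines(ro, lines, n) != 0) {
    fputs("writing to a read-only stream failed, as ferror() reports\n", stderr);
  }
  fclose(ro);
  return 0;
}
```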
Risk Assessment

Checking errno after multiple calls to library functions can lead to spurious error reporting, possibly resulting in incorrect program operation.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ERR01-A | 3 (high) | 3 (likely) | 1 (high) | P9 | L2 |
...