
TR 24731-1 introduces the new type errno_t that is defined to be type int in <errno.h> and elsewhere. Many of the functions defined in TR 24731-1 return values of this type. As a matter of programming style, errno_t should be used as the type of something that deals only with the values that might be found in errno. For example, a function that returns the value of errno should be declared as having the return type errno_t.

Non-Compliant Code Example

This non-compliant code example illustrates a function called opener() that returns errno error codes. However, the function is declared as returning an int. Consequently, the meaning of the return value is not as clear as it could be.

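#include <errno.h>
#include <stdio.h>

enum { NO_FILE_POS_VALUES = 3 };

/* Declared as returning int, although every value returned is an errno code. */
int opener(FILE* file, int *width, int *height, int *data_offset) {
  int file_w;
  int file_h;
  int file_o;
  fpos_t offset;

  if (file == NULL) { return EINVAL; }
  /* Save the current file position so it can be restored after parsing. */
  if (fgetpos(file, &offset) != 0) { return errno; }
  if (fscanf(file, "%i %i %i", &file_w, &file_h, &file_o) != NO_FILE_POS_VALUES) { return EIO; }
  if (fsetpos(file, &offset) != 0) { return errno; }

  /* Write the outputs only after every step has succeeded. */
  *width = file_w;
  *height = file_h;
  *data_offset = file_o;

  return 0;
}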

Compliant Solution

In this compliant solution, the opener() function returns a value of type errno_t, providing a clear indication that this function returns an error code.

...

NOTE: EINVAL and EIO are not defined in C99, but they are available in most implementations and are defined in POSIX.
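
The following is an added example, not the guideline's own listing: opener() with the same logic as the non-compliant version but declared as returning errno_t, together with a caller that treats the result as an errno value. It assumes a fallback typedef for libraries that do not ship the TR 24731-1 extensions; the helper opener_on_text() and the sample header string are constructed for illustration.

```c
#define __STDC_WANT_LIB_EXT1__ 1  /* request errno_t from <errno.h> where supported */
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Assumption: a library without the TR 24731-1 extensions leaves errno_t
   undeclared, so supply the int type the TR specifies for it. */
#ifndef __STDC_LIB_EXT1__
typedef int errno_t;
#endif

enum { NO_FILE_POS_VALUES = 3 };

/* The errno_t return type says the result is an errno value, 0 on success. */
errno_t opener(FILE *file, int *width, int *height, int *data_offset) {
  int file_w, file_h, file_o;
  fpos_t offset;

  if (file == NULL) { return EINVAL; }
  if (fgetpos(file, &offset) != 0) { return errno; }
  if (fscanf(file, "%i %i %i", &file_w, &file_h, &file_o)
      != NO_FILE_POS_VALUES) { return EIO; }
  if (fsetpos(file, &offset) != 0) { return errno; }

  *width = file_w;
  *height = file_h;
  *data_offset = file_o;
  return 0;
}

/* Hypothetical helper: run opener() over a constructed header string. */
errno_t opener_on_text(const char *text, int *w, int *h, int *off) {
  FILE *f = tmpfile();
  errno_t err;
  if (f == NULL) { return errno; }
  if (fputs(text, f) == EOF) { fclose(f); return EIO; }
  rewind(f);  /* reposition before switching from writing to reading */
  err = opener(f, w, h, off);
  fclose(f);
  return err;
}

int main(void) {
  int w = 0, h = 0, off = 0;
  errno_t err = opener_on_text("640 480 54\n", &w, &h, &off);  /* constructed input */
  if (err != 0) { fprintf(stderr, "opener: %s\n", strerror(err)); return 1; }
  printf("%d x %d, data at %d\n", w, h, off);
  return 0;
}
```

Because the caller stores the result in an errno_t, passing it to strerror() is the obvious next step, which is the clarity the recommendation is after.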

Risk Assessment

Failing to test for error conditions can lead to vulnerabilities of varying severity. Declaring functions that return an errno with a return type of errno_t will not eliminate this problem, but may reduce errors caused by programmers misunderstanding the purpose of a return value.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL09-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[ISO/IEC TR 24731-1-2007]
[ISO/IEC 9899-1999] Section 6.7.5.3, "Function declarators (including prototypes)"
[Open Group 04]
