...
The sprintf_m() API separates the return status of the function from information about the number of characters written. In this case, *count is set to the number of characters written to buf, while the return value indicates the return status. Returning the status as the return value of the function increases the likelihood that a programmer will check the return status of the function.
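As an added example (not code from the managed string library or this page), the following C sketch of an out-of-band formatter shows the separation the sprintf_m() paragraph describes: the return value carries only a status, the character count is delivered through *count, and a vsnprintf() encoding error or truncation becomes a distinct status rather than a magic return value. The name format_ob(), the status_t enum and the count parameter are assumptions of this example.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Status travels out-of-band: it never shares a channel with the count. */
typedef enum {
    STATUS_OK = 0,
    STATUS_INVALID_ARG, /* NULL buffer/count/format, or zero-size buffer */
    STATUS_TRUNCATED,   /* output did not fit; buf holds a truncated string */
    STATUS_ENCODING     /* vsnprintf reported an encoding error */
} status_t;

/* Hypothetical out-of-band formatter, modelled on the sprintf_m() idea but
 * not the managed string library's code: the return value is the status
 * only, and the number of characters actually written goes to *count. */
status_t format_ob(char *buf, size_t size, size_t *count, const char *fmt, ...)
{
    if (count != NULL) *count = 0;
    if (buf == NULL || count == NULL || fmt == NULL || size == 0)
        return STATUS_INVALID_ARG;

    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);

    if (n < 0) {
        /* With plain snprintf this negative value could silently be added
         * into a running length; here the caller gets a distinct status. */
        buf[0] = '\0';
        return STATUS_ENCODING;
    }
    if ((size_t)n >= size) {
        *count = size - 1; /* vsnprintf wrote size-1 chars plus the NUL */
        return STATUS_TRUNCATED;
    }
    *count = (size_t)n;
    return STATUS_OK;
}

int main(void)
{
    char buf[8];
    size_t written;
    status_t st = format_ob(buf, sizeof buf, &written, "%s", "hello world");
    printf("status=%d written=%zu buf=\"%s\"\n", (int)st, written, buf);
    return st == STATUS_OK ? 0 : 1;
}
```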
Exceptions
ERR02-EX1: Null pointers are another example of an in-band error indicator. Use of null pointers is not quite as bad because it is supported by the language. According to C99 Section 6.3.2.3, "Pointers":
If a null pointer constant is converted to a pointer type, the resulting pointer, called a null pointer, is guaranteed to compare unequal to a pointer to any object or function.
Risk Analysis
Failure to adopt and implement a consistent and comprehensive error-handling policy is detrimental to system survivability, and can result in a broad range of vulnerabilities depending on the operational characteristics of the system.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
ERR02-A | low | unlikely | high | P1 | L3
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...