...
The sprintf() function returns the number of characters written in the array, not counting the terminating null character. This number is frequently added to an existing counter to keep track of the location of the index into the array. However, the call to sprintf() can (and will) return −1 on error conditions, such as an encoding error. If this error happens on the first call (which is likely), the count variable, already at 0, is decremented. If this index is subsequently used, it will result in an out-of-bounds read or write.
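The failure mode described above, next to an out-of-band alternative, as an added example that is not code from the original guideline. The helper names, buffer sizes and the sample field are assumptions made for illustration, and snprintf() stands in for sprintf() so the demonstration itself stays in bounds.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Constructed input: not representable in the default "C" locale, so "%ls"
   hits an encoding error and the printf family returns a negative value. */
static const wchar_t BAD_FIELD[] = L"\u4e2d";

/* In-band pattern (hypothetical helper): the return value is added to the
   index unchecked. Returns the index a second write would use. */
int naive_next_index(const wchar_t *field) {
  char buf[32];
  int count = 0;
  count += snprintf(buf + count, sizeof buf - (size_t)count, "%ls", field);
  return count;  /* negative after an error: buf + count is out of bounds */
}

/* Out-of-band pattern (hypothetical helper): the return value is only a
   status (0 = success); *off advances only when the whole field fit. */
int append_fmt(char *buf, size_t size, size_t *off, const char *fmt, ...) {
  va_list ap;
  int rc;
  if (buf == NULL || off == NULL || *off >= size) return -1;
  va_start(ap, fmt);
  rc = vsnprintf(buf + *off, size - *off, fmt, ap);
  va_end(ap);
  if (rc < 0 || (size_t)rc >= size - *off) {  /* error or truncation */
    buf[*off] = '\0';  /* drop partial output, keep earlier fields */
    return -1;
  }
  *off += (size_t)rc;
  return 0;
}

/* Appends one field to an empty 8-byte buffer; reports status and index. */
int safe_next_index(const wchar_t *field, size_t *off_out) {
  char buf[8];
  *off_out = 0;
  return append_fmt(buf, sizeof buf, off_out, "%ls", field);
}

int main(void) {
  size_t off;
  int st = safe_next_index(BAD_FIELD, &off);
  printf("naive index: %d\n", naive_next_index(BAD_FIELD));
  printf("safe status: %d, index: %zu\n", st, off);
  return 0;
}
```
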
...
read() returns −1 if an error occurs; if no errors occur, it returns the number of bytes actually read.
...
where rbytes is a pointer to a size_t. If no error occurs, and rbytes is not NULL, its value is set to the total number of bytes read, and read() returns 0. If an error occurs, read() returns a nonzero value indicating the error.
...
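```c
#define __STDC_WANT_LIB_EXT1__ 1
#include <stdlib.h>  /* set_constraint_handler_s(), constraint_handler_t */
#include <string.h>  /* strcpy_s() */

/* Runtime-constraint handler; its signature must match constraint_handler_t */
void handle_errors(const char * restrict msg, void * restrict ptr,
                   errno_t error) {
  /* Define what to do when error occurs */
}

/*...*/

set_constraint_handler_s(handle_errors);

/*...*/

/* Returns zero on success */
errno_t function(char *dst1, rsize_t dst1_size) {
  char src1[100] = "hello";

  /* The caller passes the destination size: sizeof(dst1) would only
     give the size of the pointer */
  strcpy_s(dst1, dst1_size, src1);
  /* At this point strcpy_s may have yielded an
     error and handle_errors() might have returned */

  /* ... */
  return 0;
}
```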
...
ERR02-EX1: Null pointers are another example of an in-band error indicator. Use of null pointers is allowed because it is supported by the language. According to the C Standard, Section 6.3.2.3 [ISO/IEC 9899:2011]:
If a null pointer constant is converted to a pointer type, the resulting pointer, called a null pointer, is guaranteed to compare unequal to a pointer to any object or function.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
ISO/IEC PDTR 24772 "NZN Returning error status"
...
Bibliography
[Burch 2006] | |
[ISO/IEC 9899:2011] | Section 6.3.2 "Other Operands" |
...