Application-independent code includes code that is
- Shipped with the compiler or operating system
- From a third-party library
- Developed in-house
When application-specific code detects an error, it can immediately respond with a specific action, as in
...
Error detection and reporting can take several forms:
- A return value (especially of type errno_t)
- An argument passed by address
- A global object (e.g., errno)
- longjmp()
- Some combination of the above
Noncompliant Code Example
This noncompliant code example consists of two application-independent functions, f() and g(). The f() function is part of the external API for the module; the g() function is an internal function.
...
A call to f() returns a status indicator, which is 0 upon success and a nonzero value upon failure indicating what went wrong.
...
A call to f() provides a status indicator that is 0 upon success and a nonzero value upon failure, assuming the user provided a valid pointer to an object of type errno_t.
...
The call to f() provides a status indicator that is 0 upon success and a nonzero value upon failure.
...
```c
#include <setjmp.h>

const errno_t ESOMETHINGREALLYBAD = 1;

jmp_buf exception_env;

void g(void) {
  /* ... */
  if (something_really_bad_happens) {
    longjmp(exception_env, ESOMETHINGREALLYBAD);
  }
  /* ... */
}

void f(void) {
  g();
  /* ... do the rest of f ... */
}

/* ... */
if (setjmp(exception_env) != 0) {
  /* If we get here, an error occurred; do not continue processing */
}
/* ... */
f();
/* If we get here, no errors occurred */
/* ... */
```
...
Method | Code Increase | Manages Allocated Resources | Automatically Enforceable |
---|---|---|---|
Return value | Big (30–40%) | No | Yes |
Address argument | Bigger | No | No |
Global indicator | Medium | No | Yes |
longjmp() | Small | No | n/a |
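
The return-value method from the table, carried through f() and g() as an added example (not code from the original page): g() only detects and reports, f() releases what it allocated before passing the status up, and the caller alone decides how to respond. The local errno_t typedef, the buffer size, the live_buffers counter and the input strings are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef int errno_t;  /* assumption: Annex K errno_t is unavailable; it is int there too */

static int live_buffers = 0;  /* constructed counter so cleanup can be checked */

/* Internal function: detects the error and reports it, nothing more. */
static errno_t g(const char *input, char *out, size_t out_size) {
  if (input == NULL || out == NULL) {
    return EINVAL;
  }
  if (strlen(input) >= out_size) {
    return ERANGE;  /* would not fit; the caller decides what to do */
  }
  strcpy(out, input);
  return 0;
}

/* External API: releases what it allocated, then passes g()'s status up. */
errno_t f(const char *input) {
  enum { WORK_SIZE = 16 };
  char *work = malloc(WORK_SIZE);
  if (work == NULL) {
    return ENOMEM;
  }
  ++live_buffers;
  errno_t status = g(input, work, WORK_SIZE);
  /* ... the rest of f would use work here when status == 0 ... */
  free(work);  /* runs on success and on failure alike */
  --live_buffers;
  return status;
}

int live_buffer_count(void) { return live_buffers; }

/* Application-specific code: the handling policy lives here, not in f(). */
int main(void) {
  const char *inputs[] = { "short", "this input is too long for f", NULL };
  for (size_t i = 0; i < 3; ++i) {
    errno_t status = f(inputs[i]);
    if (status != 0) {
      fprintf(stderr, "f failed: %s\n", strerror(status));
    }
  }
  return live_buffer_count();
}
```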
Risk Assessment
Lack of an error-detection mechanism prevents applications from knowing when an error has disrupted normal program behavior.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
Bibliography
...