SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 6

changes.mady.by.user Unknown User (dkohlbre)

Saved on

compared with

New Version 7

changes.mady.by.user Unknown User (dkohlbre)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this noncompliant code example, if the given user input is '0', the division operation results in a SIGFPE signal being sent to the program.

Code Block
bgColor#ffcccc
#include<signal.h>
#include<stddef.h>
#include<stdlib.h>

volatile sig_atomic_t denom;

void sighandle(int s){
     /* Fix the offending volatile */
     if (denom == 0) {
           denom == 1;
     }
     /* Everything is ok */
   return;
}

int main(int argc, char *argv[]){
     int result = 0;
    
    if (argc < 2) {
           return 0;
     }
  denom    denom = (int)strtol(argv[1], (char **)NULL, 10);
    
     signal(SIGFPE,(*sighandle));

     result = 100/denom;
     return 0;
}

The noncompliant code example will loop infinitely on most systems when supplied with 0 as an argument.
This illustrates that even when a SIGFPE handler attempts to fix the error condition while obeying all other rules of signal handling, the behavior may not be as expected.

Compliant Solution

Code Block
bgColor#ccccff

#include<signal.h>
#include<stddef.h>
#include<stdlib.h>

volatile sig_atomic_t denom;

void sighandle(int s){
     /* No recovery */
     abort();
}

int main(int argc, char *argv[]){
     int result = 0;
    
    if (argc < 2) {
           return 0;
     }

     denom = (int)strtol(argv[1], (char **)NULL, 10);
    
     signal(SIGFPE,(*sighandle));

     result = 100/denom;
     return 0;
}

The only portably safe way to leave a SIGFPE, SIGILL, or SIGSEGV handler is through abort() or /_Exit().

...