SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 56

changes.mady.by.user Aaron Ballman

Saved on

compared with

New Version 57

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

According to the C Standard [ISO/IEC 9899:2011], the behavior a program is undefined when

...

Code Block
bgColor#FFcccc
langc
#include <signal.h>
#include <stdlib.h>
#include <stdio.h>

typedef void (*pfv)(int);

void handler(int signum) {
  pfv old_handler = signal(signum, SIG_DFL);
  if (old_handler == SIG_ERR) {
    perror("SIGINT handler"); /* undefinedUndefined behavior */
    /* Handle error condition */
  }
}

int main(void) {
  pfv old_handler = signal(SIGINT, handler);
  if (old_handler == SIG_ERR) {
    perror("SIGINT handler");
    /* Handle error condition */
  }

  /* Main code loop. */

  return EXIT_SUCCESS;
}

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR32-C

lowLow

unlikelyUnlikely

lowLow

P3

L3

Automated Detection

Tool

Version

Checker

Description

Compass/ROSE

 

 

Could detect violations of this rule by looking for signal handlers that themselves call signal(). A violation is reported if the call fails and the handler therefore checks errno. A violation also exists if the signal handler modifies errno without first copying its value elsewhere

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C++ Secure Coding StandardERR32-CPP. Do not rely on indeterminate values of errno

Bibliography

[ISO/IEC 9899:2011]Subclause 7.14.1.1, "The signal Function"

...