Comment: Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@

...

The sprintf() function returns the number of characters written in the array, not counting the terminating null character. This number is frequently added to an existing counter to keep track of the location of the index into the array. However, the call to sprintf() can (and will) return -1 on error conditions such as an encoding error. If this happens on the first call (which is likely), the count variable, already at zero, is decremented. If this index is subsequently used, it will result in an out-of-bounds read or write.
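The failure described above, as an added example that is not code from the original page. It uses snprintf() instead of sprintf() so the demonstration itself stays in bounds, and assumes the default "C" locale, in which the constructed wide character U+20AC cannot be converted; the function and constant names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>
#include <wchar.h>

/* Constructed sample input: U+20AC has no multibyte form in the default
   "C" locale, so formatting it with %ls is an encoding error. */
static const wchar_t BAD_FIELD[] = { 0x20AC, 0 };
static const wchar_t GOOD_FIELD[] = L"alice";

/* The pattern from the text: the return value is added to the index
   without a check. The new index is returned so the caller can see it. */
long unchecked_append(char *buf, size_t cap, long count, const wchar_t *field) {
  count += snprintf(buf + count, cap - (size_t)count, "%ls;", field);
  return count; /* -1 when the first call hits an encoding error */
}

/* Returns 0 on success, -1 on an encoding error, -2 if the field does not
   fit. *count advances only on success, and the string already in buf is
   re-terminated on failure. */
int checked_append(char *buf, size_t cap, size_t *count, const wchar_t *field) {
  if (*count >= cap)
    return -2;
  size_t room = cap - *count;
  int rc = snprintf(buf + *count, room, "%ls;", field);
  if (rc < 0) {                 /* in-band error value: never add it */
    buf[*count] = '\0';
    return -1;
  }
  if ((size_t)rc >= room) {     /* output was truncated */
    buf[*count] = '\0';
    return -2;
  }
  *count += (size_t)rc;
  return 0;
}

int main(void) {
  char buf[16];
  size_t n = 0;
  printf("unchecked index after error: %ld\n",
         unchecked_append(buf, sizeof buf, 0, BAD_FIELD));
  int ok = checked_append(buf, sizeof buf, &n, GOOD_FIELD);
  int bad = checked_append(buf, sizeof buf, &n, BAD_FIELD);
  printf("checked: ok=%d bad=%d index=%zu buf=\"%s\"\n", ok, bad, n, buf);
  return 0;
}
```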

...

ERR02-EX1: Null pointers are another example of an in-band error indicator. Use of null pointers is not quite as bad because it is supported by the language. According to C99 Section 6.3.2.3, "Pointers":

If a null pointer constant is converted to a pointer type, the resulting pointer, called a null pointer, is guaranteed to compare unequal to a pointer to any object or function.

...

Noncompliant code example:
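#define __STDC_WANT_LIB_EXT1__ 1
#include <stdlib.h>
#include <string.h>

/* Runtime-constraint handler that returns to its caller */
void handle_errors(const char * restrict msg,
                   void * restrict ptr, errno_t error) {
  /* define what to do when error occurs */
}

/*...*/

set_constraint_handler_s(handle_errors);

/*...*/

/* Returns zero on success */
errno_t function(char *dst1, size_t dst1_size) {
  char src1[100] = "hello";

  /* The caller passes the destination size; sizeof(dst1)
     would only be the size of the pointer */
  strcpy_s(dst1, dst1_size, src1);
  /* At this point strcpy_s may have yielded an
     error and handle_errors() might have returned */

  /* ... */
  return 0;
}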

...

Compliant solution:
#define __STDC_WANT_LIB_EXT1__ 1
#include <stdlib.h>
#include <string.h>

/*
 * The abort_handler_s() function writes a message on the
 * standard error stream then calls the abort() function.
 */
set_constraint_handler_s(abort_handler_s);

/*...*/

/* Returns zero on success */
errno_t function(char *dst1, size_t dst1_size) {
  char src1[100] = "hello";

  /* The caller passes the destination size; sizeof(dst1)
     would only be the size of the pointer */
  strcpy_s(dst1, dst1_size, src1);
  /* Because abort_handler_s() never returns,
     we only get here if strcpy_s() succeeds. */

  /* ... */
  return 0;
}

...