...
| Code Block | ||
|---|---|---|
| ||
enum { NO_FILE_POS_VALUES = 3 };
int opener(FILE* file, int *width, int *height, int *data_offset) {
int file_w;
int file_h;
int file_o;
fpos_t offset;
if (file == NULL) { return -1EINVAL; }
if (fgetpos(file, &offset) != 0) { return -1errno; }
if (fscanf(file, "%i %i %i", &file_w, &file_h, &file_o) != NO_FILE_POS_VALUES) { return -1EIO; }
if (fsetpos(file, &offset) != 0) { return -1errno; }
*width = file_w;
*height = file_h;
*data_offset = file_o;
return 0;
}
|
...
| Code Block | ||
|---|---|---|
| ||
#include <errno.h>
enum { NO_FILE_POS_VALUES = 3 };
errno_t opener(FILE* file, int *width, int *height, int *data_offset) {
int file_w;
int file_h;
int file_o;
int rc;
fpos_t offset;
if (file == NULL) { return EINVAL; }
if ((rc = fgetpos(file, &offset)) != 0 ) { return rcerrno; }
if (fscanf(file, "%i %i %i", &file_w, &file_h, &file_o) != NO_FILE_POS_VALUES) { return EIO; }
if ((rc = fsetpos(file, &offset)) != 0 ) { return rcerrno; }
*width = file_w;
*height = file_h;
*data_offset = file_o;
return 0;
}
|
NOTE: EINVAL and EIO are not defined in C99, but they are defined available in most implementations and are defined in Posix.
Risk Assessment
Failing to test for error conditions can lead to vulnerabilities of varying severity. Declaring functions that return an errno with a return type of errno_t will not eliminate this problem but will help mitigate it.
...
| Wiki Markup |
|---|
\[[ISO/IEC TR 24731-1-2007|AA. C References#ISO/IEC TR 24731-1-2007]\]
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.7.5.3, "Function declarators (including prototypes)"
\[[Open Group 04|AA. C References#Open Group 04]\] |