...
In this noncompliant code example, set_constraint_handler_s() is never called, so the implementation-defined default handler is invoked when a runtime-constraint violation occurs. This results in inconsistent behavior across implementations and possible termination of the program instead of a graceful exit. (The destination size is passed in explicitly; sizeof applied to the char* parameter would yield only the size of a pointer.)

#define __STDC_WANT_LIB_EXT1__ 1
#include <string.h>

/* Returns zero on success, -1 on a runtime-constraint violation */
errno_t function(char *dst1, size_t dst1_size) {
  char src1[100] = "hello";
  if (strcpy_s(dst1, dst1_size, src1) != 0) {
    return -1;
  }
  /* ... */
  return 0;
}
Compliant Code Example (TR24731-1)

In this compliant solution, a constraint handler with the signature required by TR24731-1 is installed with set_constraint_handler_s() before any bounds-checked function is called, so a runtime-constraint violation is reported in a way the program controls and strcpy_s() returns a nonzero value to the caller.

#define __STDC_WANT_LIB_EXT1__ 1
#include <string.h>

/* Runtime-constraint handler: define what to do when an error occurs */
void handle_errors(const char *msg, void *ptr, errno_t error) {
  /* e.g., log msg and error, then return so the caller sees the failure */
}

/* ... */
set_constraint_handler_s(handle_errors);
/* ... */

/* Returns zero on success, -1 on a runtime-constraint violation */
errno_t function(char *dst1, size_t dst1_size) {
  char src1[100] = "hello";
  if (strcpy_s(dst1, dst1_size, src1) != 0) {
    return -1;
  }
  /* ... */
  return 0;
}
Compliant Code Example (Visual Studio 2008/.NET Framework 3.5)

The Microsoft C runtime reports invalid parameters through its own invalid-parameter handler rather than a TR24731-1 constraint handler. This compliant solution installs a handler of the type expected by _set_invalid_parameter_handler() (a function returning void that takes the expression, function, file, line and a reserved argument) before calling strcpy_s().

#include <stdlib.h>
#include <string.h>

/* Invalid-parameter handler: define what to do when an error occurs */
void handle_errors(const wchar_t *expression,
                   const wchar_t *function,
                   const wchar_t *file,
                   unsigned int line,
                   uintptr_t pReserved) {
  /* e.g., log the location of the violation, then return */
}

/* ... */
_set_invalid_parameter_handler(handle_errors);
/* ... */

/* Returns zero on success, -1 on an invalid-parameter error */
errno_t function(char *dst1, size_t dst1_size) {
  char src1[100] = "hello";
  if (strcpy_s(dst1, dst1_size, src1) != 0) {
    return -1;
  }
  /* ... */
  return 0;
}
Risk Analysis
The TR24731-1 standard specifies that if no constraint handler is set, a default handler executes when a runtime-constraint violation occurs. The default handler is implementation-defined and "may cause the program to exit or abort". Installing a constraint handler therefore lets the program decide how a violation is reported and recovered from instead of crashing immediately.
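To make the difference between the noncompliant and compliant examples observable on a platform without a TR24731-1 library, the following added example (not part of the original rule page or of any vendor library) models the mechanism in portable C: a handler type, a registration function, and a bounds-checked copy that invokes the current handler on a violation. The names demo_set_constraint_handler, demo_strcpy_s, demo_abort_handler and demo_ignore_handler are constructed for this example and mirror the shape, not the identity, of the real set_constraint_handler_s, strcpy_s, abort_handler_s and ignore_handler_s. The default handler aborts, as an implementation's default may; once an application handler is installed, the same violation is recorded and the page's function returns -1 to its caller.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a runtime-constraint handler (same shape as TR24731-1). */
typedef void (*demo_constraint_handler_t)(const char *msg, void *ptr, int error);

/* Models an implementation-defined default: report and terminate the program. */
static void demo_abort_handler(const char *msg, void *ptr, int error) {
  (void)ptr;
  fprintf(stderr, "runtime-constraint violation: %s (error %d)\n", msg, error);
  abort();
}

/* An application-installed handler: record the violation and let the
 * bounds-checked function return its error code to the caller. */
static int violations_seen = 0;
static char last_violation_msg[64];

static void demo_ignore_handler(const char *msg, void *ptr, int error) {
  (void)ptr;
  (void)error;
  violations_seen++;
  snprintf(last_violation_msg, sizeof last_violation_msg, "%s", msg);
}

static demo_constraint_handler_t current_handler = demo_abort_handler;

/* Installs a handler and returns the previous one; NULL restores the default. */
static demo_constraint_handler_t
demo_set_constraint_handler(demo_constraint_handler_t handler) {
  demo_constraint_handler_t old = current_handler;
  current_handler = handler ? handler : demo_abort_handler;
  return old;
}

/* Bounds-checked copy modelled on strcpy_s: on a violation it invokes the
 * current handler, clears dst[0] when dst is writable, and returns nonzero. */
static int demo_strcpy_s(char *dst, size_t dstmax, const char *src) {
  if (dst == NULL || src == NULL) {
    current_handler("null pointer argument", NULL, EINVAL);
    return EINVAL;
  }
  if (dstmax == 0) {
    current_handler("destination size is zero", NULL, ERANGE);
    return ERANGE;
  }
  size_t n = 0; /* length of src, bounded so an unterminated src is not over-read */
  while (n < dstmax && src[n] != '\0') {
    n++;
  }
  if (n >= dstmax) {
    dst[0] = '\0';
    current_handler("source does not fit in destination", dst, ERANGE);
    return ERANGE;
  }
  memcpy(dst, src, n + 1);
  return 0;
}

/* The rule's example function, with the destination size passed explicitly.
 * Returns zero on success, -1 when the copy violates a runtime constraint. */
static int copy_greeting(char *dst, size_t dstmax) {
  char src[100] = "hello";
  if (demo_strcpy_s(dst, dstmax, src) != 0) {
    return -1;
  }
  return 0;
}

int main(void) {
  char big[16];
  char small[4]; /* constructed: too small for "hello" plus its terminator */

  /* Install an application handler first; with the default still in place the
   * second call below would abort the process instead of returning -1. */
  demo_set_constraint_handler(demo_ignore_handler);
  printf("fits:      rc=%d dst=\"%s\"\n", copy_greeting(big, sizeof big), big);
  printf("too small: rc=%d violations=%d (%s)\n",
         copy_greeting(small, sizeof small), violations_seen, last_violation_msg);
  return 0;
}
```

The handler is installed once, before the first bounds-checked call; the copy function never decides for itself whether to terminate, which is exactly the control the rule asks the application to take back from the implementation's default.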
...