Many functions will return either return a valid value or a value of the correct return type that indicates an error (for example, -1 −1 or a null pointer). Assuming that all calls to such functions will succeed and failing to check the return value for an indication of an error is a dangerous practice that may lead to unexpected or undefined behavior when an error occurs. Therefore, it It is essential that programs detect and appropriately handle all errors in accordance with an error-handling policy, as discussed in recommendation ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy.
...
Noncompliant Code Example (setlocale())
In the this noncompliant example below, the function utf8_to_ucs() attempts to convert a sequence of UTF-8 characters to UCS. It first invokes setlocale() to set the global locale to "en_US.UTF-8," but it fails to check but does not check for failure. setlocale() will fail by returning a null pointer, for example, when the locale is not installed. (The function may fail for other reasons, as well, such as the lack of resources.) Depending on the sequence of characters pointed to by utf8, the subsequent call to mbstowcs() may fail or result in the function storing an unexpected sequence of wide characters in the supplied buffer ucs.
...
Noncompliant Code Example (signal())
In the this noncompliant example below , the function signal() is invoked to install a handler for the SIGINT signal. signal() returns a pointer to the previously installed handler on success and the value SIG_ERR on failure. However, since because the caller fails to check for errors, when signal() fails, the function may proceed with the lengthy computation without the ability to interrupt it.
...
In this noncompliant code example, temp_num, tmp2, and num_of_records are under the control of a malicious user. The The attacker can easily cause malloc() to fail by providing a large value for num_of_records.
...
When malloc() fails, it returns a null pointer that is assigned to start. If start is a null, an attacker can provide a value for temp_num that, when scaled by the the sizeof signal_info, references a writable address to which control is eventually transferred. The contents of the string referenced by tmp2 can then be used to overwrite the address, resulting in an arbitrary code execution vulnerability.
...
To correct this error, ensure the pointer returned by malloc() is not null. This also ensures compliance with rule MEM32-C. Detect and handle memory allocation errors.
...
In this noncompliant code example, input_string is copied into dynamically allocated memory referenced by str. However, the result of malloc() is not checked before str is referenced. Consequently, if malloc() fails, the program has undefined behavior. (See undefined behavior 103behavior 109 in Annex J of the C Standard.) In practice, this typically leads to an abnormal termination of the process typically occurs, thus providing an opportunity for a denial-of-service attack. In some cases, it may be the source of other vulnerabilities, as well. (See the #Related Vulnerabilities ERR33-C. Detect and handle errors section.) See also rule MEM32-C. Detect and handle memory allocation errors.
...
The malloc() function, as well as the other memory allocation functions, returns either a null pointer or a pointer to the allocated space. Always test the returned pointer to ensure it is not NULL before referencing the pointer. Handle the error condition appropriately when the returned pointer is NULL. When recovery from the allocation failure isn't possibleis not possible, propagate the failure to the caller.
...
MITRE CWE: CWE-252, "Unchecked Return Valuereturn value"
MITRE CWE: CWE-253, "Incorrect Check of Function Return Valuecheck of function return value"
MITRE CWE: CWE-390, "Detection of Error Condition Without Actionerror condition without action"
MITRE CWE: CWE-391, "Unchecked Error Conditionerror condition"
Bibliography
[DHS 2006]. Handle All Errors Safely.
[Henricson 1997] Recommendation 12.1, Check for all errors reported from functions
...