SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 16

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 17

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider $version (sch jbop) (X_X)@==(Q_Q)@

Many functions return useful values whether or not the function has side effects. In most cases, this value is used to signify whether the function successfully completed its task or if some error occurred (see ERR02-AC. Avoid in-band error indicators). Other times, the value is the result of some computation and is a necessary output.

...

This recommendation encompasses MEM32-C. Detect and handle memory allocation errors, FIO04-AC. Detect and handle input and output errors, and FIO34-C. Use int to capture the return value of character IO functions.

...

Noncompliant Code Example

This non-compliant noncompliant code example calls puts() and fails to check whether a write error occurs.

...

However, puts() can fail and return EOF. If the output were determined to be critical, then the return value should have been checked.

Compliant Solution

This compliant solution checks to make sure no output error occurred (see FIO04-AC. Detect and handle input and output errors).

Code Block
bgColor#ccccff
if (puts("foo") == EOF) {
  /* Handle Error */
}

Exceptions

EXP12-EX1: If the return value is inconsequential or if any errors can be safely ignored, such as for functions called because of their side effects, the function should be explicitly cast to void to signify programmer intent. See the compliant solution for removing an existing destination file in FIO10-AC. Take care when using the rename() function for an example of this exception.

...

Code Block
bgColor#ccccff
strcpy(dst, src);

Risk Assessment

Failure to handle error codes or other values returned by functions can lead to incorrect program flow and violations of data integrity.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

EXP12-A C

medium

unlikely

medium

P4

L3

Automated Detection

Splint Version 3.1.1 can detect violations of this recommendation.

Compass/ROSE can detect violations of this recommendation.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.8.3, "Expression and null statements"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "CSJ Passing Parameters and Return Values"

...