...
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| error-information-unused error-information-unused-computed | Supported | ||||||
Axivion Bauhaus Suite |
| CertC-POS54 | |||||||
CodeSonar |
| LANG.FUNCS.IRV LANG.ERRCODE.NOTEST LANG.ERRCODE.NZ | Ignored return value Missing Test of Error Code Non-zero Error Code | ||||||
Compass/ROSE | Can detect violations of this recommendation when checking for violations of EXP12-C. Do not ignore values returned by functions and EXP34-C. Do not dereference null pointers | ||||||||
| CHECKED_RETURN | Finds inconsistencies in how function call return values are handled. Coverity Prevent cannot discover all violations of this recommendation, so further verification is necessary | |||||||
Helix QAC |
| C3200 | |||||||
Klocwork |
| SV.RVT.RETVAL_NOTTESTED | |||||||
LDRA tool suite |
| 80 D | Partially implemented | ||||||
Parasoft C/C++test |
| CERT_C-POS54-a | The value returned by a POSIX library function that may return an error should be used | ||||||
PC-lint Plus |
| 413, 534, 613 | Assistance provided | ||||||
| CERT C: Rule POS54-C | Checks for situations where return value of a sensitive function is not checked (rule fully covered) | |||||||
RuleChecker |
| error-information-unused | Supported |
Related Vulnerabilities
The vulnerability in Adobe Flash [VU#159523] arises because Flash neglects to check the return value from calloc()
. Even when calloc()
returns NULL
, Flash writes to an offset from the return value. Dereferencing NULL
usually results in a program crash, but dereferencing an offset from NULL
allows an exploit to succeed without crashing the program.
...
[DHS 2006] | Handle All Errors Safely |
[Henricson 1997] | Recommendation 12.1, "Check for All Errors Reported from Functions" |
[ISO/IEC 9899:20112024] | Subclause 7.2123.7.10, "The ungetc Function" |
...