...
It is therefore prudent to explicitly install a runtime-constraint handler to ensure consistent behavior across implementations.
Compliant Solution (C11 Annex K)
This compliant solution explicitly installs a runtime-constraint handler by invoking the set_constraint_handler_s() function. This would typically be done during system initialization, before any function that uses the mechanism is invoked.
```c
#define __STDC_WANT_LIB_EXT1__ 1
#include <stdlib.h>
#include <string.h>

/* Signature required by constraint_handler_t */
void handle_errors(const char * restrict msg, void * restrict ptr,
                   errno_t error) {
  /* Handle runtime-constraint error */
}

/* ... */

/* Executed inside an initialization function */
set_constraint_handler_s(handle_errors);

/* ... */

/* Returns zero on success */
errno_t function(char *dst1, size_t size) {
  char src1[100] = "hello";

  if (strcpy_s(dst1, size, src1) != 0) {
    return -1;
  }
  /* ... */
  return 0;
}
```
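The following added example (not part of the original guideline) shows what a caller observes once a handler is installed: the handler runs, strcpy_s() returns nonzero, and the destination is left as an empty string. Where the C library does not provide Annex K (for example glibc), it assumes a constructed minimal stand-in for set_constraint_handler_s() and strcpy_s(); the names current_handler, violations, copy_greeting and demo are hypothetical.

```c
#define __STDC_WANT_LIB_EXT1__ 1
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef __STDC_LIB_EXT1__
/* Constructed stand-in for C libraries without Annex K: only the
   behavior of K.3.6.1.1 and K.3.7.1.3 that this example relies on. */
typedef int errno_t;
typedef void (*constraint_handler_t)(const char *restrict, void *restrict, errno_t);
static constraint_handler_t current_handler; /* none installed: violation ignored */
static constraint_handler_t set_constraint_handler_s(constraint_handler_t h) {
  constraint_handler_t old = current_handler;
  current_handler = h;
  return old;
}
static errno_t strcpy_s(char *restrict dst, size_t n, const char *restrict src) {
  if (dst && src && n > 0 && strlen(src) < n) {
    memcpy(dst, src, strlen(src) + 1);
    return 0;
  }
  if (dst && n > 0) dst[0] = '\0'; /* destination becomes an empty string */
  if (current_handler) current_handler("strcpy_s: constraint violated", NULL, ERANGE);
  return ERANGE; /* nonzero; the exact value is a choice of this stand-in */
}
#endif

static int violations; /* number of violations the handler has seen */

/* Handler with the signature constraint_handler_t requires; it logs and returns */
static void handle_errors(const char *restrict msg, void *restrict ptr, errno_t error) {
  (void)ptr;
  violations++;
  fprintf(stderr, "runtime-constraint violation: %s (error %d)\n", msg, (int)error);
}
/* Same shape as the guideline's function(): returns zero on success */
static errno_t copy_greeting(char *dst1, size_t size) {
  char src1[100] = "hello";
  return strcpy_s(dst1, size, src1) != 0 ? -1 : 0;
}
/* Installs the handler, then copies into a too-small and a large-enough buffer.
   Returns 1 when the failure was reported and the success was untouched. */
static int demo(void) {
  char small[4] = "xyz", big[16];
  set_constraint_handler_s(handle_errors);
  errno_t r1 = copy_greeting(small, sizeof small); /* "hello" needs 6 bytes */
  errno_t r2 = copy_greeting(big, sizeof big);
  return r1 == -1 && small[0] == '\0' && r2 == 0 && strcmp(big, "hello") == 0;
}
int main(void) { return demo() ? EXIT_SUCCESS : EXIT_FAILURE; }
```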
Compliant Solution (Visual Studio 2008 and later)
Although the C11 Annex K functions were created by Microsoft, Microsoft Visual Studio does not support the same interface defined by the technical report for installing runtime-constraint handlers. Visual Studio calls these functions invalid parameter handlers, and they are installed by calling the _set_invalid_parameter_handler() function. The signature of the handler is also significantly different [MSDN].
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Secure Coding Standard | VOID ERR03-CPP. Use runtime-constraint handlers when calling functions defined by TR24731-1 |
Bibliography
[ISO/IEC 9899:2011] | Subclause K.3.1.4, "Runtime-Constraint Violations" |
[MSDN] | "Parameter Validation" |
...