...
The following table summarizes the characteristics of error-reporting and error-detection mechanisms.
Method | Code Increase | Manages Allocated Resources | Automatically Enforceable |
---|---|---|---|
Return value | Big (30–40%) | No | Yes |
Address argument | Bigger | No | No |
Global indicator | Medium | No | Yes |
| Small | No | n/a |
Risk Assessment
Lack of an error-detection mechanism prevents applications from knowing when an error has disrupted normal program behavior.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ERR05-C | Medium | Probable | High | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Compass/ROSE |
Could detect violations of this rule merely by reporting functions that call | ||
Parasoft C/C++test |
| CERT_C-ERR05-a | The 'abort()' function from the 'stdlib.h' or 'cstdlib' library shall not be used |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID ERR05-CPP. Application-independent code should provide error detection without dictating error handling |
Bibliography
...
...