SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 89

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Aleksandr Karbyshev

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added Axivion Bauhaus entry to Automated Detection table

...

C11 Annex K  introduced the new type errno_t that is defined to be type int in errno.h and elsewhere. Many of the functions defined in C11 Annex K return values of this type [ISO/IEC 9899:2011]. The errno_t type should be used as the type of an object that may contain only values that might be found in errno. For example, a function that returns the value of errno should be declared as having the return type errno_t.

...


Code Block
languagecpp
#ifndef __STDC_LIB_EXT1__
  typedef int errno_t;
#endif

 


Noncompliant Code Example

...

This noncompliant code example nevertheless complies with ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failureTake care when reading errno.

Compliant Solution (POSIX)

...

This compliant solution is categorized as a POSIX solution because it returns EINVAL and EIO , which are defined by POSIX (IEEE Std 1003.1, 2013 Edition) but not by the C Standard.

...

Failing to test for error conditions can lead to vulnerabilities of varying severity. Declaring functions that return an errno with a return type of errno_t will not eliminate this problem but may reduce errors caused by programmers' misunderstanding the purpose of a return value.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

DCL09-C

low

Low

unlikely

Unlikely

low

Low

P3

L3

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-DCL09
LDRA tool suite
 
Include Page
LDRA_V
LDRA_V
634 SPartially Implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++
Secure
Coding StandardVOID DCL09-CPP. Declare functions that return errno with a return type of errno_t
ISO/IEC TR 24772:2013Ignored Error Status and Unhandled Exceptions [OYB]
MISRA C:2012Directive 1.1 (required)

Bibliography

[ISO/IEC 9899:2011]Subclause K.3.2, "Errors <errno.h>"
[Open Group 2004] 

 

Image Removed Image Removed Image Removed

 

 

Bibliography

[IEEE Std 1003.1:2013]


...

Image Added Image Added Image Added