SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 99

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user Aleksandr Karbyshev

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added Axivion Bauhaus entry to Automated Detection table

...

This recommendation depends on C11 Annex K being implemented. The following code can be added to remove this dependency:


 

Code Block
languagecpp
#ifndef __STDC_LIB_EXT1__
  typedef int errno_t;
#endif
 

Noncompliant Code Example
...
This noncompliant code example nevertheless complies with ERR30-C.  Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failureTake care when reading errno.
Compliant Solution (POSIX)
...
Failing to test for error conditions can lead to vulnerabilities of varying severity. Declaring functions that return an errno with a return type of errno_t will not eliminate this problem but may reduce errors caused by programmers' misunderstanding the purpose of a return value.
Recommendation
Severity
Likelihood
Remediation Cost
Priority
Level
DCL09-C
Low
Unlikely
Low
P3
L3
Automated Detection
Tool
Version
Checker
Description
Axivion Bauhaus Suite
 Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V
CertC-DCL09
LDRA tool suite
 
 Include Page
LDRA_V
LDRA_V
634 SPartially Implemented
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding StandardVOID DCL09-CPP. Declare functions that return errno with a return type of errno_t
ISO/IEC TR 24772:2013Ignored Error Status and Unhandled Exceptions [OYB]
Bibliography
[IEEE Std 1003.1:2013]
 

...