...
This recommendation encompasses ERR33-C. Detect and handle standard library errors. Unlike this recommendation, that rule is restricted to functions from the Standard C library.
Compliance with this recommendation is required in order to comply with ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy
Noncompliant Code Example
The asprintf() function has been provided by the GNU C library. It works like sprintf(), but if given a null pointer as the destination string, it will create a buffer sufficient to hold the resulting string. It relies on malloc() to allocate the buffer. If malloc() fails, then asprintf() returns a negative number.
This noncompliant code example calls putsasprintf() and , but fails to check whether a write error occurs:the string was successfully created.
| Code Block | ||||
|---|---|---|---|---|
| ||||
puts("foo");
|
...
void func(char* name) {
char* s = NULL;
asprintf(&s,"Hello, %s!\n", name);
(void) puts(s);
free(s);
} |
Compliant Solution
This compliant solution checks to make sure no output error occurred (see ERR33-C. Detect and handle standard library errors).
| Code Block | ||||
|---|---|---|---|---|
| ||||
void func(char* name) { char* s = NULL; if (putsasprintf("foo") == EOF&s,"Hello, %s!\n", name) < 0) { /* Handle error */ } (void) puts(s); free(s); } |
Exceptions
EXP12-C-EX1: If the return value is inconsequential or if any errors can be safely ignored, such as for functions called because of their side effects, the function should be explicitly cast to void to signify programmer intent. For an example of this exception, see "Compliant Solution (Remove Existing Destination File)" under the section "Portable Behavior" in FIO10-C. Take care when using the rename() function, or Exception ERR33-C-EX1 in ERR33-C. Detect and handle standard library errors.
EXP12-C-EX2: If a function cannot fail or if the return value cannot signify an error condition, the return value may be ignored. Such functions should be added to a whitelist when automatic checkers are used.
...
Tool | Version | Checker | Description | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| error-information-unused | Fully checked | |||||||||||||
| Axivion Bauhaus Suite |
| CertC-EXP12 | Fully implemented | |||||||||||||
| CodeSonar |
| LANG.FUNCS.IRV | Ignored return value | |||||||||||||
| Compass/ROSE | ||||||||||||||||
| CHECKED_RETURN | Finds inconsistencies in how function call return values are handled. Coverity Prevent cannot discover all violations of this recommendation, so further verification is necessary | ||||||||||||||
| Cppcheck |
| leakReturnValNotUsed, ignoredReturnValue | Return value of memory allocation function is not used. Ignored return value from function when configuration says it must be used. See the chapter "Library configuration" in the cppcheck manual | |||||||||||||
| CC2.EXP12 | Fully implemented | ||||||||||||||
| Helix QAC |
| C3200 | ||||||||||||||
| Klocwork |
| MISRA.FUNC.UNUSEDRET.2012 | ||||||||||||||
| LDRA tool suite |
| 382 S | Fully implemented | |||||||||||||
| Parasoft C/C++test |
| CERT_C-EXP12-a | The value returned by a function having non-void return type shall be used | |||||||||||||
| PC-lint Plus |
| 534 | Fully supported | |||||||||||||
| CERT C: Rec. EXP12-C | Checks for situations where returned Returned value of a sensitive function not checked | Sensitive functions called without checking for unexpected return values and errors | PRQA QA-C | ||||||||||||
| Include Page | PRQA QA-C_v | PRQA QA-C_v | 3200 | Fully implementedis not checked (rec. fully covered) | ||||||||||||
| PVS-Studio |
| V530, V698, V757, V797 | ||||||||||||||
| RuleChecker |
| error-information-unused | Partially checked | |||||||||||||
| Splint |
|
...