...
| Code Block | ||
|---|---|---|
| ||
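/*
 * Read the three integer header fields (width, height, data offset) from the
 * current position of `file`, then put the stream back at the position it had
 * on entry.
 *
 * Returns 0 on success and -1 on every failure. The return type is a plain
 * int and all failures collapse to the same -1, so nothing in the signature
 * tells the caller that an error indicator is returned, and the caller cannot
 * tell which step failed.
 *
 * width, height and data_offset must be non-null (not checked here) and are
 * written only on success. The values are taken verbatim from the file and
 * are not range-checked: callers must reject negative or implausibly large
 * values before using them as sizes or offsets. "%i" also accepts 0x- and
 * 0-prefixed input, and a field too large for int is undefined behavior in
 * fscanf itself.
 */
int opener(FILE* file, int *width, int *height, int *data_offset) {
  int file_w;
  int file_h;
  int file_o;
  fpos_t offset;

  if (file == NULL) { return -1; }

  /* Remember where the caller left the stream so it can be restored. */
  if (fgetpos(file, &offset) != 0) { return -1; }

  /* All three fields must convert; note the position is NOT restored if this fails. */
  if (fscanf(file, "%i %i %i", &file_w, &file_h, &file_o) != 3) { return -1; }

  if (fsetpos(file, &offset) != 0) { return -1; }

  /* Publish the results only once every step has succeeded. */
  *width = file_w;
  *height = file_h;
  *data_offset = file_o;
  return 0;
}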
|
...
| Code Block | ||
|---|---|---|
| ||
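/*
 * Read the three integer header fields (width, height, data offset) from the
 * current position of `file`, then put the stream back at the position it had
 * on entry.
 *
 * The errno_t return type documents that the result is an error code:
 *   0       success
 *   EINVAL  file is a null pointer
 *   EIO     the three fields could not all be read
 *   errno   value stored by a failing fgetpos() or fsetpos()
 *
 * width, height and data_offset must be non-null (not checked here) and are
 * written only on success. The values are taken verbatim from the file and
 * are not range-checked: callers must reject negative or implausibly large
 * values before using them as sizes or offsets. "%i" also accepts 0x- and
 * 0-prefixed input, and a field too large for int is undefined behavior in
 * fscanf itself.
 */
errno_t opener(FILE* file, int *width, int *height, int *data_offset) {
  int file_w;
  int file_h;
  int file_o;
  fpos_t offset;

  if (file == NULL) { return EINVAL; }

  /*
   * fgetpos()/fsetpos() signal failure with a nonzero return and store the
   * actual error code in errno; the return value itself is not an errno
   * value, so errno is what gets propagated.
   */
  if (fgetpos(file, &offset) != 0) { return errno; }

  /* All three fields must convert; note the position is NOT restored if this fails. */
  if (fscanf(file, "%i %i %i", &file_w, &file_h, &file_o) != 3) { return EIO; }

  if (fsetpos(file, &offset) != 0) { return errno; }

  /* Publish the results only once every step has succeeded. */
  *width = file_w;
  *height = file_h;
  *data_offset = file_o;
  return 0;
}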
|
NOTE: Neither EINVAL nor EIO is defined in C99, but both are defined in most implementations.
Risk Assessment
Failing to test for error conditions can lead to vulnerabilities of varying severity. Declaring functions that return an errno value with a return type of errno_t will not eliminate this problem, but it will help mitigate it.
...