Comment: REM Cost Reform

Use ferror() rather than errno to check whether an error has occurred on a file stream (for example, after a long chain of stdio calls). The ferror() function tests the error indicator for a specified stream and returns nonzero if and only if the error indicator is set for the stream.

...

Noncompliant Code Example

Many implementations of the stdio package adjust their behavior slightly if stdout is a terminal. To make the determination, these implementations perform some operation that fails (with ENOTTY) if stdout is not a terminal. Although the output operation goes on to complete successfully, errno still contains ENOTTY. This behavior can be mildly confusing, but it is not strictly incorrect because it is meaningful for a program to inspect the contents of errno only after an error has been reported. More precisely, errno is meaningful only after a library function that sets errno on error has returned an error code.

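```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

void func(void) {
  errno = 0;
  printf("This\n");
  printf("is\n");
  printf("a\n");
  printf("test.\n");
  /* Noncompliant: errno may be nonzero (for example, ENOTTY) even though every printf() succeeded */
  if (errno != 0) {
    fprintf(stderr, "printf failed: %s\n", strerror(errno));
  }
}
```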

Compliant Solution

This compliant solution uses ferror() to detect an error. In addition, if an early call to printf() fails, later calls may modify errno, whether they fail or not, so the program cannot rely on being able to detect the root cause of the original failure if it waits until after a sequence of library calls to check.

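```c
#include <stdio.h>

void func(void) {
  printf("This\n");
  printf("is\n");
  printf("a\n");
  printf("test.\n");
  /* The stream's error indicator is set only if an output call on stdout actually failed */
  if (ferror(stdout)) {
    fprintf(stderr, "printf failed\n");
  }
}
```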
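The following is an added example, not part of the original guideline, that runs both checks side by side on a POSIX system. The names write_lines, run_case and struct verdict are hypothetical, the explicit isatty() call stands in for the terminal probe described above, and /dev/null is assumed to exist. It goes slightly beyond the page by calling clearerr() before the chain (the indicator is sticky) and fflush() before ferror() (buffered output may fail only when flushed).

```c
#define _POSIX_C_SOURCE 200809L  /* for fileno() */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>              /* isatty(), POSIX */

/* Hypothetical helper: write the four lines, then ask the stream itself. */
static int write_lines(FILE *out) {
  clearerr(out);  /* drop any indicator left over from earlier I/O */
  fprintf(out, "This\n");
  fprintf(out, "is\n");
  fprintf(out, "a\n");
  fprintf(out, "test.\n");
  fflush(out);    /* push buffered data so a late write error is recorded */
  return ferror(out) ? -1 : 0;
}

/* What each style of check concluded for one stream. */
struct verdict {
  int errno_nonzero;  /* the noncompliant test: errno != 0 */
  int ferror_failed;  /* the compliant test: ferror(stream) */
};

/* Open path with mode, run the probe, write, and record both checks.
 * Returns 0 if the stream could be opened, -1 otherwise. */
int run_case(const char *path, const char *mode, struct verdict *v) {
  FILE *f = fopen(path, mode);
  if (f == NULL) return -1;
  errno = 0;
  (void)isatty(fileno(f));  /* constructed probe: not a terminal, sets errno */
  v->ferror_failed = (write_lines(f) != 0);
  v->errno_nonzero = (errno != 0);  /* read before fclose() can change it */
  fclose(f);
  return 0;
}

int main(void) {
  struct verdict ok, bad;
  /* "w": every write succeeds. "r": every write fails (stream not writable). */
  if (run_case("/dev/null", "w", &ok) || run_case("/dev/null", "r", &bad))
    return 1;
  printf("writable:  errno check=%d ferror check=%d\n",
         ok.errno_nonzero, ok.ferror_failed);
  printf("read-only: errno check=%d ferror check=%d\n",
         bad.errno_nonzero, bad.ferror_failed);
  return 0;
}
```

The errno test reports a failure for both streams, while ferror() flags only the stream whose writes actually failed.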

Risk Assessment

Checking errno after multiple calls to library functions can lead to spurious error reporting, possibly resulting in incorrect program operation.

| Recommendation | Severity | Likelihood | Detectable | Remediation Cost | Repairable | Priority | Level |
|---|---|---|---|---|---|---|---|
| ERR01-A | 3 (high) | 3 (likely) | | 1 (high) | | P9 | L2 |
| ERR01-C | Low | Probable | Yes | | Yes | P6 | L2 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| ECLAIR | | CC2.ERR01 | Fully implemented |
| LDRA tool suite | | 44 S | Enhanced Enforcement |
| Parasoft C/C++test | | CERT_C-ERR01-a | The error indicator 'errno' shall not be used |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.


Related Guidelines


...
