...
Many implementations of the stdio package adjust their behavior slightly if stdout is a terminal. To make the determination, these implementations perform some operation that fails (with ENOTTY) if stdout is not a terminal. Although the output operation goes on to complete successfully, errno still contains ENOTTY. This behavior can be mildly confusing, but it is not strictly incorrect because it is meaningful for a program to inspect the contents of errno only after an error has been reported. More precisely, errno is meaningful only after a library function that sets errno on error has returned an error code.
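```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

int main(void) {
  errno = 0;
  printf("This\n");
  printf("is\n");
  printf("a\n");
  printf("test.\n");
  /* errno may hold ENOTTY here even though every printf succeeded */
  if (errno != 0) {
    fprintf(stderr, "printf failed: %s\n", strerror(errno));
  }
}
```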
...
```c
#include <stdio.h>

int main(void) {
  printf("This\n");
  printf("is\n");
  printf("a\n");
  printf("test.\n");
  /* ferror reports the stream's error indicator, not a stale errno */
  if (ferror(stdout)) {
    fprintf(stderr, "printf failed\n");
  }
}
```
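An added example, not part of the original guideline: a writer that takes its failure status from the output calls and the stream's error indicator, so a stale ENOTTY in errno cannot trigger a false report. The names `write_lines`, `demo_stale_errno` and `demo_real_failure` are hypothetical, the preset ENOTTY is constructed, and the read-only `/dev/null` stream used to force a real failure assumes a POSIX system.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical helper: write n lines to out and derive success or failure
 * from the calls' own return values and ferror(), never from errno alone. */
static int write_lines(FILE *out, const char *const *lines, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (fprintf(out, "%s\n", lines[i]) < 0)
            return -1;              /* fprintf itself reported the error */
    }
    if (fflush(out) == EOF)         /* buffered data can fail only on flush */
        return -1;
    return ferror(out) ? -1 : 0;    /* sticky per-stream error indicator */
}

static const char *const demo[] = { "This", "is", "a", "test." };

/* Healthy stream, errno preset to ENOTTY (constructed, mimicking what a
 * stdio terminal probe can leave behind). Must still report success. */
int demo_stale_errno(void) {
    FILE *out = fopen("/dev/null", "w");
    if (out == NULL)
        return -2;
    errno = ENOTTY;
    int rc = write_lines(out, demo, sizeof demo / sizeof demo[0]);
    fclose(out);
    return rc;
}

/* Stream opened read-only, so output fails (POSIX assumption). errno starts
 * at 0, yet the failure is still caught through the call's return value. */
int demo_real_failure(void) {
    FILE *in = fopen("/dev/null", "r");
    if (in == NULL)
        return -2;
    errno = 0;
    int rc = write_lines(in, demo, sizeof demo / sizeof demo[0]);
    fclose(in);
    return rc;
}

int main(void) {
    printf("stale errno, healthy stream: %d\n", demo_stale_errno());
    printf("clean errno, unwritable stream: %d\n", demo_real_failure());
    return 0;
}
```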
...
Checking errno after multiple calls to library functions can lead to spurious error reporting, possibly resulting in incorrect program operation.
| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| ERR01-C | Low | Probable | Yes | Yes | P6 | L2 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
|
|
| Section |
|---|
stlibuse |
| CC2.ERR01 | Fully implemented | |||||||
| LDRA tool suite | | 44 S | Enhanced Enforcement |
| Parasoft C/C++test | | CERT_C-ERR01-a | The error indicator 'errno' shall not be used |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
...
ISO/IEC TR 24772 "NZN Returning error status"