 
                            ...
If something_really_bad_happens in g(), the function prints an error message to stderr and then calls abort(). The problem is that this application-independent code does not know the context in which it is being called, so it is erroneous to handle the error.
“Smart Libraries,” Practice 23 [Miller 2004], says:
...
A return type of errno_t indicates that the function returns a status indicator. (See DCL09-C. Declare functions that return errno with a return type of errno_t.)
This error-handling approach is secure, but it has the following drawbacks:
- Source and object code can significantly increase in size, perhaps by as much as 30 to 40 percent [Saks 2007b].
- All function return values must be checked. (See ERR33-C. Detect and handle standard library errors.)
- Functions should not return other values if they return error indicators. (See ERR02-C. Avoid in-band error indicators.)
- Any function that allocates resources must ensure they are freed in cases where errors occur.
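The return-value approach and its obligations, as an added example that is not taken from the CERT page: the library routine reports status only, frees what it acquired on its error path, and leaves the policy decision to the caller. The names `split_pair` and `load_all` are hypothetical, and `errno_t` is declared locally on the assumption that the optional Annex K definition is unavailable.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: errno_t comes from optional Annex K, so it is declared here. */
typedef int errno_t;

/* Hypothetical library routine: split "key=value" into two heap strings.
 * The return value carries status only; results travel through key/value. */
errno_t split_pair(const char *text, char **key, char **value) {
    if (text == NULL || key == NULL || value == NULL) return EINVAL;
    *key = NULL;
    *value = NULL;
    const char *eq = strchr(text, '=');
    if (eq == NULL || eq == text) return EINVAL;   /* no '=' or empty key */
    size_t klen = (size_t)(eq - text);
    char *k = malloc(klen + 1);
    if (k == NULL) return ENOMEM;
    memcpy(k, text, klen);
    k[klen] = '\0';
    size_t vlen = strlen(eq + 1);
    char *v = malloc(vlen + 1);
    if (v == NULL) {
        free(k);              /* release what was already acquired */
        return ENOMEM;        /* report; never abort() from library code */
    }
    memcpy(v, eq + 1, vlen + 1);
    *key = k;
    *value = v;
    return 0;
}

/* Hypothetical application code: it knows the context, so it sets the policy.
 * Malformed lines are skipped and counted; out-of-memory is passed upward. */
errno_t load_all(const char *const *lines, size_t n, size_t *valid, size_t *skipped) {
    *valid = 0; *skipped = 0;
    for (size_t i = 0; i < n; i++) {
        char *k, *v;
        errno_t rc = split_pair(lines[i], &k, &v);
        if (rc == ENOMEM) return rc;
        if (rc != 0) { (*skipped)++; continue; }
        (*valid)++;
        free(k);
        free(v);
    }
    return 0;
}
```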
...
The following table summarizes the characteristics of error-reporting and error-detection mechanisms.
| Method | Code Increase | Manages Allocated Resources | Automatically Enforceable | 
|---|---|---|---|
| Return value | Big (30–40%) | No | Yes | 
| Address argument | Bigger | No | No | 
| Global indicator | Medium | No | Yes | 
|  | Small | No | n/a |
Risk Assessment
Lack of an error-detection mechanism prevents applications from knowing when an error has disrupted normal program behavior.
| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| ERR05-C | Medium | Probable | Yes | No | P8 | L2 |
Automated Detection
| Tool | Version | Checker | Description | 
|---|---|---|---|
| Compass/ROSE |  |  | Could detect violations of this rule merely by reporting functions that call |
| Parasoft C/C++test |  | CERT_C-ERR05-a | The 'abort()' function from the 'stdlib.h' or 'cstdlib' library shall not be used |
| Security Reviewer - Static Reviewer |  | C32 | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID ERR05-CPP. Application-independent code should provide error detection without dictating error handling | 
Bibliography
...
...