...
If something_really_bad_happens in g(), the function prints an error message to stderr and then calls abort(). The problem is that this application-independent code does not know the context in which it is being called, so it is erroneous to handle the error.
“Smart Libraries,” Practice 23 [Miller 2004], says:
...
- Source and object code can significantly increase in size; some sources suggest by as much as 30 to 40 percent [Saks 2007b].
- All function return values must be checked (see ERR33-C. Detect and handle standard library errors).
- Functions should not return other values if they return error indicators (see ERR02-C. Avoid in-band error indicators).
- Any function that allocates resources must ensure they are freed in cases where errors occur.
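The following is an added example, not code from the CERT page, showing the return-value approach with the obligations listed above: a library routine that only detects and reports errors, returns its results through out-parameters, and frees its allocation on the error path, while two callers apply different handling policies. The names `ep_status`, `ep_parse`, `service_port` and the fallback port 8080 are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes; the names are assumptions for this example. */
typedef enum { EP_OK = 0, EP_EINVAL, EP_ENOMEM, EP_EPARSE } ep_status;

/* Application-independent code: detects and reports, never prints or aborts.
 * Results use out-parameters; the return value is only the error indicator. */
ep_status ep_parse(const char *text, char **host_out, unsigned *port_out) {
  if (text == NULL || host_out == NULL || port_out == NULL) return EP_EINVAL;
  const char *colon = strrchr(text, ':');
  if (colon == NULL || colon == text || !isdigit((unsigned char)colon[1]))
    return EP_EPARSE;
  size_t hlen = (size_t)(colon - text);
  char *host = malloc(hlen + 1);              /* resource acquired here */
  if (host == NULL) return EP_ENOMEM;
  memcpy(host, text, hlen);
  host[hlen] = '\0';
  char *end = NULL;
  /* Overflow makes strtoul return ULONG_MAX, which the range check rejects. */
  unsigned long port = strtoul(colon + 1, &end, 10);
  if (*end != '\0' || port == 0 || port > 65535UL) {
    free(host);                               /* error path releases it */
    return EP_EPARSE;
  }
  *host_out = host;                           /* ownership passes to caller */
  *port_out = (unsigned)port;
  return EP_OK;
}

/* Policy 1: a long-running service falls back to a constructed default. */
unsigned service_port(const char *text) {
  char *host = NULL;
  unsigned port = 0;
  if (ep_parse(text, &host, &port) != EP_OK) return 8080u;
  free(host);
  return port;
}

/* Policy 2: a command-line tool treats the same error as fatal. */
int main(void) {
  char *host = NULL;
  unsigned port = 0;
  ep_status rc = ep_parse("db.example:5432", &host, &port);
  if (rc != EP_OK) return EXIT_FAILURE;
  printf("%s %u\n", host, port);
  free(host);
  return EXIT_SUCCESS;
}
```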
...
| Recommendation | Severity | Likelihood | Detectable | Repairable / Remediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
| ERR05-C | Medium | Probable | Yes | No / High | P4 / P8 | L3 / L2 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE | | | Could detect violations of this rule merely by reporting functions that call |
| Parasoft C/C++test | | MISRA2004-20_11 | Use of getenv(), abort(), exit() and system() |
| Parasoft C/C++test | | CERT_C-ERR05-a | The 'abort()' function from the 'stdlib.h' or 'cstdlib' library shall not be used |
| Security Reviewer - Static Reviewer | | C32 | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...