SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 52 Next »

Recommendations

ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy

ERR01-C. Use ferror() rather than errno to check for FILE stream errors

ERR02-C. Avoid in-band error indicators

ERR03-C. Use runtime-constraint handlers when calling functions defined by TR24731-1

ERR04-C. Choose an appropriate termination strategy

ERR05-C. Application-independent code should provide error detection without dictating error handling

ERR06-C. Understand the termination behavior of assert() and abort()

ERR07-C. Prefer functions that support error checking over equivalent functions that don't

Rules

ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure

ERR31-C. Don't redefine errno

ERR32-C. Do not rely on indeterminate values of errno

Risk Assessment Summary

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

ERR00-C

medium

probable

high

P4

L3

ERR01-C

low

probable

low

P6

L2

ERR02-C

low

unlikely

high

P1

L3

ERR03-C

low

unlikely

medium

P2

L3

ERR04-C

medium

probable

high

P4

L3

ERR05-C

medium

probable

high

P4

L3

ERR06-C

medium

unlikely

medium

P4

L3

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR30-C

low

unlikely

medium

P2

L3

ERR31-C

low

unlikely

low

P3

L3

ERR32-C

low

unlikely

low

P3

L3

Related Rules and Recommendations

DCL09-C. Declare functions that return errno with a return type of errno_t
FIO40-C. Reset strings on fgets() or fgetws() failure
FLP03-C. Detect and handle floating-point errors
FLP32-C. Prevent or detect domain and range errors in math functions
MSC11-C. Incorporate diagnostic tests using assertions

      CERT C Secure Coding Standard      

  • No labels