Recommendations

ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy

ERR01-C. Use ferror() rather than errno to check for FILE stream errors

ERR02-C. Avoid in-band error indicators

ERR03-C. Use runtime-constraint handlers when calling functions defined by TR24731-1

ERR04-C. Choose an appropriate termination strategy

ERR05-C. Application-independent code should provide error detection without dictating error handling

ERR06-C. Understand the termination behavior of assert() and abort()

ERR07-C. Prefer functions that support error checking over equivalent functions that don't

Rules

ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure

ERR31-C. Don't redefine errno

ERR32-C. Do not rely on indeterminate values of errno

VOID ERR33-C. Always check for errors when using threads

Risk Assessment Summary

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

ERR00-C

medium

probable

high

P4

L3

ERR01-C

low

probable

low

P6

L2

ERR02-C

low

unlikely

high

P1

L3

ERR03-C

low

unlikely

medium

P2

L3

ERR04-C

medium

probable

high

P4

L3

ERR05-C

medium

probable

high

P4

L3

ERR06-C

medium

unlikely

medium

P4

L3

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR30-C

low

unlikely

medium

P2

L3

ERR31-C

low

unlikely

low

P3

L3

ERR32-C

low

unlikely

low

P3

L3

Related Rules and Recommendations


      CERT C Secure Coding Standard