CERT-ERR33-C_c
Synopsis
Detect and handle standard library errors.
Enabled by default
Yes
Severity/Certainty
High/High

Full description
The majority of the standard library functions, including I/O functions and memory allocation functions, return either a valid value or a value of the correct return type that indicates an error (for example, -1 or a null pointer). It is essential that programs detect and appropriately handle all errors in accordance with an error-handling policy. This check warns on any use of a standard library function listed in EX1 whose return value is neither checked for errors nor explicitly discarded (for example, by a cast to void).
Coding standards
- CERT ERR33-C: Detect and handle errors
- CWE 252: Unchecked Return Value
- CWE 253: Incorrect Check of Function Return Value
- CWE 391: Unchecked Error Condition
Code examples
The following code example fails the check and will give a warning:
#include <stdio.h>
void example(void) {
    printf("Hello, world\n"); // return value neither checked nor explicitly discarded: the check warns
}
The following code example passes the check and will not give a warning about this issue:
#include <stdio.h>
void example(void) {
    (void) printf("Hello, world\n"); // printf() return value safely ignored
}
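The description above covers more than printf(): file I/O and numeric conversion functions each report failure in their own way, and the check expects every one of them to be handled or explicitly discarded. The example below is written for this page (it is not part of the checker's documentation, and parse_count and roundtrip are hypothetical helper names); it shows how each call is checked, and where a (void) cast under EX1 is appropriate.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a non-negative decimal integer with strtol(), treating each of its
 * failure modes (no digits, trailing characters, out of range) as an error.
 * Returns the value, or -1 on error. Hypothetical helper written for this page. */
long parse_count(const char *text) {
    char *end;
    errno = 0;                       /* strtol() sets errno on overflow but never clears it */
    long value = strtol(text, &end, 10);
    if (end == text || *end != '\0') /* no digits consumed, or junk after the number */
        return -1;
    if (errno == ERANGE)             /* value was clamped to LONG_MIN/LONG_MAX */
        return -1;
    return value < 0 ? -1 : value;
}

/* Write msg to a temporary file and read it back, checking every I/O call.
 * Returns the number of bytes read back, or -1 if any call fails or the
 * data does not match. */
long roundtrip(const char *msg) {
    char buf[64];
    FILE *fp = tmpfile();            /* NULL on failure */
    if (fp == NULL)
        return -1;
    if (fputs(msg, fp) == EOF)       /* EOF signals a write error */
        goto fail;
    if (fflush(fp) != 0 || fseek(fp, 0L, SEEK_SET) != 0)
        goto fail;
    size_t n = fread(buf, 1, sizeof buf - 1, fp);
    if (n < sizeof buf - 1 && ferror(fp)) /* short read: an error, not just end of file */
        goto fail;
    buf[n] = '\0';
    if (fclose(fp) == EOF)           /* fclose() can fail too, e.g. on a deferred write error */
        return -1;
    return strcmp(buf, msg) == 0 ? (long)n : -1;
fail:
    (void)fclose(fp);                /* EX1: already failing, so this result is deliberately discarded */
    return -1;
}

int main(void) {
    (void)printf("count = %ld\n", parse_count("42"));   /* EX1: explicit discard, as in the passing example */
    return roundtrip("Hello, world\n") == 13 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```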