CERT-ERR33-C_d
In this section:
Synopsis
Detect and handle standard library errors.
Enabled by default
Yes
Severity/Certainty
High/High
Full description
The majority of the standard library functions, including I/O functions and memory allocation functions, return either a valid value or a value of the correct return type that indicates an error (for example, -1 or a null pointer). It is essential that programs detect and appropriately handle all errors in accordance with an error-handling policy.
Coding standards
- CERT ERR33-C
Detect and handle errors
- CWE 252
Unchecked Return Value
- CWE 253
Incorrect Check of Function Return Value
- CWE 391
Unchecked Error Condition
Code examples
The following code example fails the check and will give a warning:
#include <stdlib.h>
void *p;
void func(size_t new_size) {
if (new_size == 0) {
/* Handle error */
}
p = realloc(p, new_size);
if (p == NULL) {
/* Handle error */
}
}
The following code example passes the check and will not give a warning about this issue:
#include <stdlib.h>
void *p;
void func(size_t new_size) {
void *q;
if (new_size == 0) {
/* Handle error */
}
q = realloc(p, new_size);
if (q == NULL) {
/* Handle error */
} else {
p = q;
}
}