Ignored Function Return Value

From Guidance Share



Description

If a function's return value is not checked, the call may have failed without any indication, and the program carries on as if it had succeeded.

Applies To

  • Languages: C or C++
  • Operating platforms: Any

Example

The following code allocates memory but doesn't check the return value for failure:

malloc(sizeof(int)*4);  /* result discarded: a NULL return (allocation failure) goes unnoticed, and on success the block is leaked */

Impact

  • Integrity: Data produced by a function whose failure went unnoticed may be in an invalid or partially initialised state.

Vulnerabilities

  • Failure to check return values.

Countermeasures

  • Implementation: Check all functions which return a value
  • Implementation: When designing any function make sure you return a value or throw an exception in case of an error
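The following C program is an added example (not code from the Guidance Share page) that places the page's unchecked malloc() next to a hardened version that applies both countermeasures: the allocation result is checked, and the caller is told about failure through a status code rather than left to guess. The function names and the -1 error convention are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern from the page: the pointer malloc() returns is dropped,
 * so an allocation failure (NULL) is silent and a successful allocation leaks. */
static void allocate_and_ignore(void)
{
    malloc(sizeof(int) * 4);  /* return value ignored */
}

/* Hardened form: guard the size computation, keep the pointer, and check it.
 * Returns NULL on any failure so the caller can react. */
static int *allocate_checked(size_t count)
{
    if (count == 0 || count > SIZE_MAX / sizeof(int)) {
        return NULL;  /* zero-length or multiplication would overflow */
    }
    int *buf = malloc(sizeof(int) * count);
    if (buf == NULL) {
        return NULL;  /* allocation failed: report, do not continue */
    }
    memset(buf, 0, sizeof(int) * count);  /* known initial state */
    return buf;
}

/* Second countermeasure: a function that can fail returns a status the
 * caller must check. 0 = success, -1 = error (assumed convention). */
int fill_sequence(size_t count, int **out)
{
    int *buf = allocate_checked(count);
    if (buf == NULL) {
        return -1;
    }
    for (size_t i = 0; i < count; i++) {
        buf[i] = (int)i;
    }
    *out = buf;
    return 0;
}

/* Caller that honours the status: sums 0..count-1 on success, -1 on failure. */
long sum_sequence(size_t count)
{
    int *buf = NULL;
    if (fill_sequence(count, &buf) != 0) {
        return -1;  /* failure propagated instead of using an unset pointer */
    }
    long sum = 0;
    for (size_t i = 0; i < count; i++) {
        sum += buf[i];
    }
    free(buf);
    return sum;
}
```

Compilers only warn about the first function when the callee is annotated as warn_unused_result, so the explicit check in the caller is the dependable fix.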

Vulnerability Patterns

How Tos
