CXX.ERRNO.NOT_SET
Errno is not reset to zero before calling library function
The CXX.ERRNO.NOT_SET checker flags cases where the value of errno is not reset to zero before calling a library function.
Vulnerability and risk
The value of errno may be incorrectly set by any previous call of a library function. If code checks the value of errno after calling library function, without resetting it first, it can lead to the incorrect execution of code.
Mitigation and prevention
Always reset the value of errno to zero before calling any library function that sets the value of errno.
Vulnerable code example 1
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
void func(const char *c_str) {
unsigned long number;
char *endptr;
number = strtoul(c_str, &endptr, 0);
if (errno == ERANGE) {
/* Handle error */
} else {
/* Computation succeeded */
}
}
In this noncompliant example, the code fails to set the value of errno to zero before invoking strtoul(). If an error occurs, strtoul() returns a valid value (ULONG_MAX), so errno is the only means of determining if strtoul() ran successfully.
Fixed code example 1
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
void func(const char *c_str) {
unsigned long number;
char *endptr;
errno = 0;
number = strtoul(c_str, &endptr, 0);
if (errno == ERANGE) {
/* Handle error */
} else {
/* Computation succeeded */
}
}
In this fixed example, the code sets the value of errno to zero before the call to strtoul() and then inspects the value of errno after the call.
Vulnerable code example 2
#include <errno.h>
#include <stdio.h>
void func(const char *filename) {
FILE *fileptr;
errno = 0;
fileptr = fopen(filename, "rb");
if (errno != 0) {
/* Handle error */
}
}
In this noncompliant example, the code may fail to diagnose errors because fopen() may not set the value of errno even if an error occurs.
Fixed code example 2
#include <stdio.h>
void func(const char *filename) {
FILE *fileptr = fopen(filename, "rb");
if (fileptr == NULL) {
/* An error occurred in fopen() */
}
The C Standard makes no mention of errno when describing fopen(). In this compliant example, the code uses the results of the call to fopen() to determine failure and does not check the value of errno.
Extension
This checker can be extended through the Klocwork knowledge base (KBs). See Tuning C/C++ analysis for more information.