CWE-253: Incorrect Check of Function Return Value

Description

The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

Important and common functions will return some value about the success of its actions. This will alert the program whether or not to handle any errors caused by that function.

Example Vulnerable Codes

Example - 1

This code attempts to allocate memory for 4 integers and checks if the allocation succeeds.



// //should have checked if the call returned 0// 
perror("Failure");tmp = malloc(sizeof(int) * 4);if (tmp < 0 ) {}

The code assumes that only a negative return value would indicate an error, but malloc() may return a null pointer when there is an error. The value of tmp could then be equal to 0, and the error would be missed.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-573: Improper Following of Specification by Caller
Go to
CWE-754: Improper Check for Unusual or Exceptional Conditions
Go to

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Nov. 21, 2024 17:39