Ignored function return value

From OWASP


Overview

If a function's return value is not checked, the function could have failed without any warning, and the program carries on as if it had succeeded.

Consequences

  • Integrity: The data which was produced as a result of a function could be in a bad state.

Exposure period

Implementation: This flaw is a simple logic issue, introduced entirely at implementation time.

Platform

  • Languages: C or C++
  • Operating platforms: Any

Required resources

Any

Severity

Medium

Likelihood of exploit

Low

Avoidance and mitigation

  • Implementation: Check the return value of every function that returns one.
  • Implementation: When designing any function, make sure it returns a status value or throws an exception in case of an error.

Discussion

Important and common functions return a value that indicates whether their action succeeded. That value is what tells the program whether it needs to handle an error caused by the function; if it is ignored, the error is never handled.

Example

In C/C++:

malloc(sizeof(int)*4);  /* the returned pointer (NULL on failure) is discarded: a failed allocation goes unnoticed and a successful one leaks */
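As an added example that is not part of the OWASP page, the C code below places an unchecked allocation beside a version that checks every fallible call and reports the outcome to its caller. The allocator is passed as a parameter, and failing_alloc is an assumed stand-in that always returns NULL, so the out-of-memory path can be exercised without exhausting real memory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Allocator type, so the out-of-memory path can be exercised. */
typedef void *(*alloc_fn)(size_t);

/* Stand-in allocator that always fails (assumed for this example). */
void *failing_alloc(size_t n) { (void)n; return NULL; }

/* BEFORE: the allocator's return value is never checked. When it returns
   NULL, memcpy writes through a null pointer, and the function still
   reports success to its caller. */
int fill_unchecked(const int *src, size_t n, alloc_fn alloc, int **out) {
    int *buf = alloc(n * sizeof *buf);
    memcpy(buf, src, n * sizeof *buf);  /* undefined behaviour if buf == NULL */
    *out = buf;
    return 0;                            /* unconditional "success" */
}

/* AFTER: every fallible step is checked and the outcome is returned.
   0 = success, -1 = failure; on failure *out is left NULL. */
int fill_checked(const int *src, size_t n, alloc_fn alloc, int **out) {
    *out = NULL;
    if (n == 0 || n > SIZE_MAX / sizeof(int))
        return -1;                       /* reject empty or overflowing sizes */
    int *buf = alloc(n * sizeof *buf);
    if (buf == NULL)
        return -1;                       /* allocation failed: say so */
    memcpy(buf, src, n * sizeof *buf);
    *out = buf;
    return 0;
}

/* A caller that honours the status code instead of assuming success.
   Returns the sum of the copied values, or -1 if the copy failed. */
long sum_copy(const int *src, size_t n, alloc_fn alloc) {
    int *copy;
    if (fill_checked(src, n, alloc, &copy) != 0)
        return -1;                       /* propagate the failure upward */
    long total = 0;
    for (size_t i = 0; i < n; i++)
        total += copy[i];
    free(copy);
    return total;
}
```

With the real malloc, sum_copy over {1, 2, 3, 4} returns 10; with failing_alloc it returns -1 instead of dereferencing NULL.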

In Java:

Although some Java methods use return values to report their status, it is preferable to signal errors with exceptions, which cannot be silently ignored the way a return value can.

Related problems

Not available.
