SV.RVT.RETVAL_NOTTESTED

Ignored return value

It's important to check return values to ensure that functions were successful, since ignoring exceptions and error conditions may allow an attacker to introduce unexpected behavior. The SV.RVT.RETVAL_NOTTESTED checker reports ignored return value codes for the following functions:

Function                        Return values to check
socket                          -1, 0
recv                            0, -1
pthread_mutex_destroy           0
pthread_mutex_lock              0
pthread_mutex_trylock           0
pthread_mutex_unlock            0
pthread_mutex_timedlock         0
pthread_mutex_getprioceiling    0
pthread_mutex_setprioceiling    0
pthread_cond_init               0
pthread_cond_destroy            0
pthread_cond_wait               0
pthread_cond_timedwait          0
pthread_cond_broadcast          0
pthread_rwlock_init             0
pthread_rwlock_destroy          0
pthread_rwlock_rdlock           0
pthread_rwlock_tryrdlock        0
pthread_rwlock_timedrdlock      0
pthread_rwlock_wrlock           0
pthread_rwlock_trywrlock        0
pthread_rwlock_timedwrlock      0
pthread_rwlock_unlock           0
pthread_rwlockattr_init         0
pthread_rwlockattr_destroy      0
pthread_spin_init               0
pthread_spin_destroy            0
pthread_spin_lock               0
pthread_spin_trylock            0
pthread_spin_unlock             0
pthread_barrier_init            0
pthread_barrier_destroy         0

Vulnerability and risk

These vulnerabilities typically occur when the software doesn't check for unusual or exceptional conditions that aren't expected to happen frequently. However, attackers may use these conditions to trigger unusual actions, introducing instability, incorrect behavior, or vulnerability. Even if there's no attack, bad data can be used in operations if the return value isn't checked, possibly leading to incorrect program flow, violation of data integrity, or application failure.

Mitigation and prevention

Validate return values and add code to handle exceptional cases, making sure that there are mechanisms for checking and handling unusual or unexpected conditions. To ensure that exceptions are handled by the code, identify error conditions by running the program under low memory conditions or with insufficient privileges, interrupting a transaction, or disabling connectivity to network services.

Vulnerable code example

1  #include <pthread.h>
2  
3  int foo() {
4      pthread_cond_t cond;
5      int res;
6      res = pthread_cond_init(&cond, NULL);
7      return 0;
8  }

Klocwork produces an issue report at line 6, indicating that the return value of 'pthread_cond_init' is not compared with 0. When a return value isn't checked, unexpected program behavior can occur.

Fixed code example

1  #include <pthread.h>
2  
3  int foo() {
4      pthread_cond_t cond;
5      int res;
6      res = pthread_cond_init(&cond, NULL);
7      if (res != 0) return 1;
8      return 0;
9  }

In the fixed example, there is a check at line 7 for the return value.
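
The following added example (not part of the Klocwork documentation) goes beyond the pthread_cond_init case and applies the same rule to two other entries in the checker's table: recv (0 and -1) and pthread_mutex_lock/pthread_mutex_unlock (compared with 0). The names recv_exact, demo, rx_lock and the RX_* result codes are hypothetical, and the data sent over the socketpair is constructed.

```c
#include <errno.h>
#include <pthread.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum { RX_OK, RX_CLOSED, RX_ERROR, RX_LOCK_FAILED };  /* hypothetical codes */
static pthread_mutex_t rx_lock = PTHREAD_MUTEX_INITIALIZER;

/* Read exactly len bytes from fd into buf while holding rx_lock, testing
 * recv for 0 and -1 and the pthread_mutex_* calls for non-zero. */
int recv_exact(int fd, unsigned char *buf, size_t len)
{
    int result = RX_OK;
    size_t got = 0;

    if (pthread_mutex_lock(&rx_lock) != 0)
        return RX_LOCK_FAILED;            /* do not proceed without the lock */
    while (got < len) {
        ssize_t n = recv(fd, buf + got, len - got, 0);
        if (n == 0) { result = RX_CLOSED; break; }   /* peer closed early */
        if (n == -1 && errno == EINTR) continue;     /* interrupted: retry */
        if (n == -1) { result = RX_ERROR; break; }   /* e.g. EBADF */
        got += (size_t)n;
    }
    if (pthread_mutex_unlock(&rx_lock) != 0)
        return RX_LOCK_FAILED;
    return result;
}

/* Constructed demo: send `sent` (at most 8) bytes over a local socketpair,
 * close the sender, then ask recv_exact for `wanted` (at most 8) bytes. */
int demo(size_t sent, size_t wanted)
{
    int sv[2], r = RX_ERROR;
    unsigned char out[8] = "ABCDEFG", in[8];
    ssize_t w;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return RX_ERROR;
    w = send(sv[0], out, sent, 0);
    (void)close(sv[0]);                   /* sender is done either way */
    if (w == (ssize_t)sent)
        r = recv_exact(sv[1], in, wanted);
    (void)close(sv[1]);
    return r;
}
```

A caller that ignored the recv result here would treat a 2-byte truncated message as a complete 4-byte one and go on to use uninitialized bytes in the buffer.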