Incorrect Check of Function Return Value
Weakness ID: 253 (Weakness Base)
Status: Incomplete
+ Description

Description Summary

The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
Scope: Integrity

Effect: The data -- which were produced as a result of an improperly checked return value of a function -- could be in a bad state.

+ Likelihood of Exploit

Low

+ Demonstrative Examples

Example 1

(Bad Code)
Example Languages: C and C++
tmp = malloc(sizeof(int) * 4);
if (tmp < 0) {
    perror("Failure");
    // should have checked if the call returned 0
}
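
Added example (not part of the CWE entry): the Example 1 mistake beside the correct check, with a constructed `failing_alloc` stand-in for `malloc` so the failure path runs deterministically. It goes beyond the entry's `malloc` case with a second pair for `snprintf`, whose failure convention differs; all function names are hypothetical, and the `intptr_t` cast stands in for the entry's `tmp < 0`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef void *(*alloc_fn)(size_t);

/* Constructed failure injector: returns what malloc() returns on failure. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Bad: the entry's mistake. The cast stands in for `tmp < 0`; a null pointer
 * is not negative, so the branch is skipped and failure looks like success. */
static int alloc_bad(alloc_fn alloc, int **out) {
    int *tmp = alloc(sizeof(int) * 4);
    if ((intptr_t)tmp < 0)
        return -1;
    *out = tmp;               /* NULL is handed to the caller as valid */
    return 0;
}

/* Good: malloc() signals failure with a null pointer. */
static int alloc_good(alloc_fn alloc, int **out) {
    int *tmp = alloc(sizeof(int) * 4);
    *out = tmp;
    return tmp == NULL ? -1 : 0;
}

/* Bad: snprintf() is negative only on an output error; truncation shows up
 * as a return value >= the buffer size and passes this check. */
static int format_bad(char *buf, size_t size, const char *name) {
    int n = snprintf(buf, size, "user=%s", name);
    return n < 0 ? -1 : 0;
}

/* Good: an output error and a truncated result are both failures. */
static int format_good(char *buf, size_t size, const char *name) {
    int n = snprintf(buf, size, "user=%s", name);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void) {
    int *p = NULL;
    char buf[8];
    printf("alloc:  bad=%d good=%d\n",
           alloc_bad(failing_alloc, &p), alloc_good(failing_alloc, &p));
    printf("format: bad=%d good=%d\n",
           format_bad(buf, sizeof buf, "administrator"),
           format_good(buf, sizeof buf, "administrator"));
    return 0;
}
```

In both pairs the bad variant returns 0 for a failed call, so the caller continues with a null pointer or a silently truncated string.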
+ Potential Mitigations

Phase: Requirements specification

Use a language or compiler that uses exceptions and requires the catching of those exceptions.

Phase: Implementation

Properly check all functions which return a value.

Phase: Implementation

When designing any function, make sure it returns a value or throws an exception in case of an error.

+ Other Notes

Important and common functions return a value indicating whether their actions succeeded. This tells the program whether it needs to handle any errors caused by that function.

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 227 | Failure to Fulfill API Contract ('API Abuse') | Development Concepts (primary) 699
ChildOf | Category | 389 | Error Conditions, Return Values, Status Codes | Development Concepts 699
ChildOf | Weakness Class | 573 | Failure to Follow Specification | Research Concepts (primary) 1000
ChildOf | Weakness Class | 754 | Improper Check for Unusual or Exceptional Conditions | Research Concepts 1000
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
CLASP | | | Misinterpreted function return value
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | CLASP | | Externally Mined

Modifications
Modification Date | Modifier | Organization | Source
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Common Consequences, Relationships, Other Notes, Taxonomy Mappings
2008-11-24 | CWE Content Team | MITRE | Internal
  updated Demonstrative Examples
2009-03-10 | CWE Content Team | MITRE | Internal
  updated Description, Name, Relationships

Previous Entry Names
Change Date | Previous Entry Name
2009-03-10 | Misinterpreted Function Return Value