CWE Rule 474

Use of Function with Inconsistent Implementations

Since R2023a

expand all in page

Description

Rule Description

The code uses a function that has inconsistent implementations across operating systems and versions.

Polyspace Implementation

The rule checker checks for these issues:

Signal call from within signal handler
Use of obsolete standard function

Examples

expand all

Signal call from within signal handler

Issue

This issue occurs when you call the function signal() from a signal handler on Windows^® platforms.

The defect is detected only if you specify a Visual Studio compiler. See Compiler (-compiler).

Risk

The function signal() associates a signal with a signal handler function. On platforms such as Windows, which removes this association after receiving the signal, you might call the function signal() again within the signal handler to re-establish the association.

However, this attempt to make a signal handler persistent is prone to race conditions. On Windows platforms, from the time the signal handler begins execution to when the signal function is called again, it is the default signal handling, SIG_DFL, that is active. If a second signal is received within this time window, you see the default signal handling and not the custom signal handler, but you might expect otherwise.

Fix

Do not call signal() from a signal handler on Windows platforms.

Example — signal() Called from Signal Handler

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>



volatile sig_atomic_t e_flag = 0;

void sig_handler(int signum)
{
    int s0 = signum;
    e_flag = 1;
	
	/* Call signal() to reestablish sig_handler 
	upon receiving SIG_ERR. */
   
    if (signal(s0, sig_handler) == SIG_ERR)  //Noncompliant
    {
        /* Handle error */       
    }
}

void func(void)
{
        if (signal(SIGINT, sig_handler) == SIG_ERR)
        {
            /* Handle error */
            
        }
  /* more code */
}

In this example, the definition of sig_handler() includes a call to signal() when the handler catches SIG_ERR. On Windows platforms, signal handlers are nonpersistent. This code can result in a race condition.

The issue is detected only if you specify a compiler such as visual15.x for the analysis.

Correction — Do Not Call signal() from Signal Handler

Avoid attempting to make a signal handler persistent on Windows. If your code requires the use of a persistent signal handler on a Windows platform, use a persistent signal handler after performing a thorough risk analysis.

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>



volatile sig_atomic_t e_flag = 0;


void sig_handler(int signum)
{
    int s0 = signum;
    e_flag = 1;
    /* No call to signal() */
}

int main(void)
{
    
        if (signal(SIGINT, sig_handler) == SIG_ERR)
        {
            /* Handle error */
            
        }
}

Use of obsolete standard function

Issue

This issue occurs when you use standard function routines that are considered legacy, removed, deprecated, or obsolete by C/C++ coding standards.

Obsolete Function	Standards	Risk	Replacement Function
`asctime`	Deprecated in POSIX.1-2008	Not thread-safe.	`strftime` or `asctime_s`
`asctime_r`	Deprecated in POSIX.1-2008	Implementation based on unsafe function `sprintf`.	`strftime` or `asctime_s`
`bcmp`	Deprecated in 4.3BSD Marked as legacy in POSIX.1-2001.	Returns from function after finding the first differing byte, making it vulnerable to timing attacks.	`memcmp`
`bcopy`	Deprecated in 4.3BSD Marked as legacy in POSIX.1-2001.	Returns from function after finding the first differing byte, making it vulnerable to timing attacks.	`memcpy` or `memmove`
`brk` and `sbrk`	Marked as legacy in SUSv2 and POSIX.1-2001.		`malloc`
`bsd_signal`	Removed in POSIX.1-2008		`sigaction`
`bzero`	Marked as legacy in POSIX.1-2001. Removed in POSIX.1-2008.		`memset`
`ctime`	Deprecated in POSIX.1-2008	Not thread-safe.	`strftime` or `asctime_s`
`ctime_r`	Deprecated in POSIX.1-2008	Implementation based on unsafe function `sprintf`.	`strftime` or `asctime_s`
`cuserid`	Removed in POSIX.1-2001.	Not reentrant. Precise functionality not standardized causing portability issues.	`getpwuid`
`ecvt` and `fcvt`	Marked as legacy in POSIX.1-2001. Removed in POSIX.1-2008	Not reentrant	`snprintf`
`ecvt_r` and `fcvt_r`	Marked as legacy in POSIX.1-2001. Removed in POSIX.1-2008		`snprintf`
`ftime`	Removed in POSIX.1-2008		`time`, `gettimeofday`, `clock_gettime`
`gamma`, `gammaf`, `gammal`	Function not specified in any standard because of historical variations	Portability issues.	`tgamma`, `lgamma`
`gcvt`	Marked as legacy in POSIX.1-2001. Removed in POSIX.1-2008.		`snprintf`
`getcontext`	Removed in POSIX.1-2008.	Portability issues.	Use POSIX thread instead.
`getdtablesize`	BSD API function not included in POSIX.1-2001	Portability issues.	`sysconf( _SC_OPEN_MAX )`
`gethostbyaddr`	Removed in POSIX.1-2008	Not reentrant	`getaddrinfo`
`gethostbyname`	Removed in POSIX.1-2008	Not reentrant	`getnameinfo`
`getpagesize`	BSD API function not included in POSIX.1-2001	Portability issues.	`sysconf( _SC_PAGESIZE )`
`getpass`	Removed in POSIX.1-2001.	Not reentrant.	`getpwuid`
`getw`	Not present in POSIX.1-2001.		`fread`
`getwd`	Marked legacy in POSIX.1-2001. Removed in POSIX.1-2008.		`getcwd`
`index`	Marked as legacy in POSIX.1-2001. Removed in POSIX.1-2008.		`strchr`
`makecontext`	Removed in POSIX.1-2008.	Portability issues.	Use POSIX thread instead.
`memalign`	Appears in SunOS 4.1.3. Not in 4.4 BSD or POSIX.1-2001		`posix_memalign`
`mktemp`	Removed in POSIX.1-2008.	Generated names are predictable and can cause a race condition.	`mkstemp` removes race risk
`pthread_attr_getstackaddr` and `pthread_attr_setstackaddr`		Ambiguities in the specification of the `stackaddr` attribute cause portability issues	`pthread_attr_getstack` and `pthread_attr_setstack`
`putw`	Not present in POSIX.1-2001.	Portability issues.	`fwrite`
`qecvt` and `qfcvt`	Marked as legacy in POSIX.1-2001, removed in POSIX.1-2008		`snprintf`
`qecvt_r` and `qfcvt_r`	Marked as legacy in POSIX.1-2001, removed in POSIX.1-2008		`snprintf`
`rand_r`	Marked as obsolete in POSIX.1-2008
`re_comp`	BSD API function	Portability issues	`regcomp`
`re_exes`	BSD API function	Portability issues	`regexec`
`rindex`	Marked as legacy in POSIX.1-2001. Removed in POSIX.1-2008.		`strrchr`
`scalb`	Removed in POSIX.1-2008		`scalbln`, `scalblnf`, or `scalblnl`
`sigblock`	4.3BSD signal API whose origin is unclear		`sigprocmask`
`sigmask`	4.3BSD signal API whose origin is unclear		`sigprocmask`
`sigsetmask`	4.3BSD signal API whose origin is unclear		`sigprocmask`
`sigstack`	Interface is obsolete and not implemented on most platforms.	Portability issues.	`sigaltstack`
`sigvec`	4.3BSD signal API whose origin is unclear		`sigaction`
`swapcontext`	Removed in POSIX.1-2008	Portability issues.	Use POSIX threads.
`tmpnam` and `tmpnam_r`	Marked as obsolete in POSIX.1-2008.	This function generates a different string each time it is called, up to TMP_MAX times. If it is called more than TMP_MAX times, the behavior is implementation-defined.	`mkstemp`, `tmpfile`
`ttyslot`	Removed in POSIX.1-2001.
`ualarm`	Marked as legacy in POSIX.1-2001. Removed in POSIX.1-2008.	Errors are under-specified	`setitimer` or POSIX `timer_create`
`usleep`	Removed in POSIX.1-2008.		`nanosleep`
`utime`	SVr4, POSIX.1-2001. POSIX.1-2008 marks as obsolete.
`valloc`	Marked as obsolete in 4.3BSD. Marked as legacy in SUSv2. Removed from POSIX.1-2001		`posix_memalign`
`vfork`	Removed from POSIX.1-2008	Under-specified in previous standards.	`fork`
`wcswcs`	This function was not included in the final ISO/IEC 9899:1990/Amendment 1:1995 (E).		`wcsstr`
`WinExec`	WinAPI provides this function only for 16-bit Windows compatibility.		`CreateProcess`
`LoadModule`	WinAPI provides this function only for 16-bit Windows compatibility.		`CreateProcess`

Fix

The fix depends on the root cause of the defect. See fixes in the table above and code examples with fixes below.

If you do not want to fix the issue, add comments to your result or code to avoid another review. See:

Address Results in Polyspace User Interface Through Bug Fixes or Justifications if you review results in the Polyspace user interface.
Address Results in Polyspace Access Through Bug Fixes or Justifications (Polyspace Access) if you review results in a web browser.
Annotate Code and Hide Known or Acceptable Results if you review results in an IDE.

Example — Printing Out Time

#include <stdio.h>
#include <time.h> 

void timecheck_bad(int argc, char *argv[])
{
    time_t ticks; 

    ticks = time(NULL);
    printf("%.24s\r\n", ctime(&ticks));  //Noncompliant
}

In this example, the function ctime formats the current time and prints it out. However, ctime was removed after C99 because it does not work on multithreaded programs.

Correction — Different Time Function

One possible correction is to use strftime instead because this function uses a set buffer size.

#include <stdio.h>
#include <string.h>
#include <time.h> 

void timecheck_good(int argc, char *argv[])
{
    char outBuff[1025];
    time_t ticks; 
    struct tm * timeinfo;
    
    memset(outBuff, 0, sizeof(outBuff)); 
    
    ticks = time(NULL);
    timeinfo = localtime(&ticks);
    strftime(outBuff,sizeof(outBuff),"%I:%M%p.",timeinfo);
    fprintf(stdout, outBuff);
}

Check Information

Category: API / Function Errors

Version History

Introduced in R2023a