ERR(3) | Library Functions Manual | ERR(3) |
void
err(int status, const char *fmt, ...);
void
verr(int status, const char *fmt, va_list args);
void
errx(int status, const char *fmt, ...);
void
verrx(int status, const char *fmt, va_list args);
void
warn(const char *fmt, ...);
void
vwarn(const char *fmt, va_list args);
void
warnx(const char *fmt, ...);
void
vwarnx(const char *fmt, va_list args);
The err(), verr(), errx(), and verrx() functions do not return, but instead cause the program to terminate with the status value given by the argument status. It is often appropriate to use the value EXIT_FAILURE, defined in <stdlib.h>, as the status argument given to these functions.
if ((p = malloc(size)) == NULL) err(EXIT_FAILURE, NULL); if ((fd = open(file_name, O_RDONLY, 0)) == -1) err(EXIT_FAILURE, "%s", file_name);
Display an error message and terminate with status indicating failure:
if (tm.tm_hour < START_TIME) errx(EXIT_FAILURE, "too early, wait until %s", start_time_string);
Warn of an error:
if ((fd = open(raw_device, O_RDONLY, 0)) == -1) warnx("%s: %s: trying the block device", raw_device, strerror(errno)); if ((fd = open(block_device, O_RDONLY, 0)) == -1) warn("%s", block_device);
%s
'. An attacker can put format specifiers in the string to mangle your stack, leading to a possible security hole. This holds true even if you have built the string “by hand” using a function like snprintf(), as the resulting string may still contain user-supplied conversion specifiers for later interpolation by the err() and warn() functions.Always be sure to use the proper secure idiom:
err(1, "%s", string);
March 21, 2001 | NetBSD 6.1 |