shared × unstructured — bad data written permanently, and it spreads

Unchecked Sentinel Corrupts a Shared Record

A 'not found' sentinel return used unchecked as a write offset writes past the start of a shared file -- the same unchecked-return defect that elsewhere becomes the CWE-690 null dereference.

01the recipe

In the wild

compound ofMissing & Undefined ReturnsCWE-252 Unchecked ReturnFile & Network AccesscompoundCWE-787 OOB Write

example.c

// SMELL: an unchecked -1 'not found' return used as a write offset.
// (missing/undefined returns x file/network access)
long off = index_of(key);         // returns -1 when key is absent -- unchecked
pwrite(fd, rec, sizeof rec,
       off * sizeof rec);         // off == -1 -> writes before the file start,
                                  // corrupting the shared record

// RIGHT: check the sentinel before trusting it as an offset.
long off = index_of(key);
if (off < 0) return -1;           // absent -> append or error, never write blind
pwrite(fd, rec, sizeof rec, off * sizeof rec);

index_of() signals 'not found' with -1, but the caller never checks it; using -1 as a record offset writes past the start of the shared file, corrupting it for every later reader. The same unchecked-return defect becomes a null dereference in the CWE-690 chain (Runtime Errors) and a bad write here. Check the sentinel before trusting it.

// observed

unchecked: a -1 'not found' used as offset -> shared file corrupted
right: sentinel checked -> no blind write; the record stays intact

02weakness catalog

Mapped weaknesses (CWE)

On its own, this defect is catalogued by MITRE as one or more of these weaknesses. The exploitable vulnerability usually appears only when it chains or combines with another.