...

#include <string.h>
 
void func(void) {
  char s[10] = "abc";
  strcpy(&s[3], "def");
}
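
The following is an added example, not part of the original page or of the CERT guideline text. It contrasts the explicit-bound array in func() above with the case named in the detection table below ("String does not terminate with null character"). The helper and function names are illustrative assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative helper: return 1 if the n-byte array holds a '\0', else 0. */
static int has_terminator(const char *buf, size_t n) {
  return memchr(buf, '\0', n) != NULL;
}

/* Bound equals the literal's length: C accepts this initializer and
 * silently drops the '\0', so the array is not a valid string. */
int bound_equals_length(void) {
  const char s[3] = "abc";
  return has_terminator(s, sizeof(s));
}

/* Bound omitted: the compiler sizes the array to 4 bytes, '\0' included. */
int bound_omitted(void) {
  const char s[] = "abc";
  return has_terminator(s, sizeof(s));
}

/* Explicit bound with headroom, as in func() above: the unused elements are
 * zero-initialized and strcpy() writes its own terminator at s[6]. */
size_t explicit_bound_with_headroom(void) {
  char s[10] = "abc";
  strcpy(&s[3], "def");
  return strlen(s);
}

int main(void) {
  printf("char s[3]  = \"abc\": terminated = %d\n", bound_equals_length());
  printf("char s[]   = \"abc\": terminated = %d\n", bound_omitted());
  printf("char s[10] = \"abc\" + \"def\": strlen = %zu\n",
         explicit_bound_with_headroom());
  return 0;
}
```

Passing the 3-byte array to strlen() or printf("%s") would read past its end, which is why the check uses memchr() bounded by sizeof.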

Risk Assessment

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| STR11-C | Low | Probable | Low | P6 | L2 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | | Supported, but no explicit checker |
| Compass/ROSE | | | |
| ECLAIR | | CC2.STR36 | Fully implemented |
| LDRA tool suite | | 404 S | Partially implemented |
| Parasoft C/C++test | | CODSTA-16 | |
| Polyspace Bug Finder | R2016a | Missing null in string array | String does not terminate with null character |
| PRQA QA-C | | 1312, 0690 | Partially implemented |
| Splint | | | |


Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines


...


...