SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 54

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 55

changes.mady.by.user Arthur Hicken

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: update parasoft

...

The C Standard identifies four different kinds of nonportable behavior. Each section of Annex J of the C Standard enumerates distinct instances of behaviors of each kind.

Nonportable Behavior

Definition

Annex J Section

Unspecified behavior

Behavior for which the standard provides two or more possibilities and imposes no further requirements on which is chosen in any instance.

J.1

Undefined behavior

Behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for which the standard imposes no requirements. An example of undefined behavior is the behavior on signed integer overflow.

J.2

Implementation-defined behavior

Unspecified behavior whereby each implementation documents how the choice is made.

J.3

Locale-specific behavior

Behavior that depends on local conventions of nationality, culture, and language that each implementation documents.

J.4

An example of undefined behavior is passing a null char* pointer as an argument to the printf function corresponding to the %s format specification. Although some implementations (such as the GNU C Library) provide well-defined semantics for this case, others do not, causing programs that rely on this behavior to fail abnormally.

...

Unnecessary platform dependencies are, by definition, unnecessary. Avoiding these dependencies can eliminate porting errors resulting from invalidated assumptions.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC14-C

Low

Unlikely

Medium

P2

L3

Automated Detection

Tool

Version

Checker

Description

LDRA tool suite
Include Page
LDRA_V
LDRA_V
17 D, 69 S, 42 SPartially implemented
Parasoft C/C++test
Include Page
c:
Parasoft_V
c:
Parasoft_V
JSF
MISRA-
203
051
Partially implemented
Implemented
PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v

0202, 284, 581, 634, 1434, 0240, 0241, 0246, 0551, 0601,
0633, 0635, 0660, 0662, 0830, 0831, 0899, 1001, 1002,
1003, 1006, 1008, 1012, 1014, 1015, 1019, 1020, 1021,
1022, 1026, 1028, 1029, 1034, 1035, 1036, 1037, 1038,
1041, 1042, 1043, 1044, 1045, 1046, 3664

Partially implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID MSC14-CPP. Do not introduce unnecessary platform dependencies
ISO/IEC TR 24772Unspecified Behaviour [BQF]

Bibliography

[Dowd 2006]Chapter 6, "C Language Issues" ("Arithmetic Boundary Conditions," pp. 211–223)
[Seacord 2013]Chapter 5, "Integer Security"

 


...