SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 26

changes.mady.by.user Anirban Gangopadhyay

Saved on

compared with

New Version 27

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tip

The table below can be re-ordered, by clicking column headers.

...

Include Page
c:Polyspace Bug Finder_V
c:Polyspace Bug Finder_V

Checker

Guideline

(strict) SIG30-C. Call only asynchronous-safe functions within signal handlers
Abnormal termination of exit handler ENV32-C. All exit handlers must return normally
Absorption of float operand FLP00-C. Understand the limitations of floating-point numbers
Accessing object with temporary lifetime EXP35-C. Do not modify objects with temporary lifetime
Alignment changed after memory allocation MEM36-C. Do not modify the alignment of objects by calling realloc()
Alternating input and output from a stream without flush or positioning call FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
Arithmetic operation with NULL pointer EXP34-C. Do not dereference null pointers
Array access out of bounds ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
Array access out of bounds ARR38-C. Guarantee that library functions do not form invalid pointers
Array access out of bounds STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
Array access out of bounds API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
Array access out of bounds ARR00-C. Understand how arrays work
Array access with tainted index ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
Array access with tainted index API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
Bad file access mode or status
FIO11
EXP37-C.
Take care when specifying the mode parameter of fopen() Bad
Call functions with the correct number and type of arguments
Bad file access mode or status FIO11-C. Take care when specifying the mode parameter of fopen()
Bad order of dropping privileges POS36-C. Observe correct revocation order while relinquishing privileges
Bitwise and arithmetic operation on the same data INT14-C. Avoid performing bitwise and arithmetic operations on the same data
Bitwise operation on negative value INT13-C. Use bitwise operators only on unsigned operands
Buffer overflow from incorrect string format specifier ARR38-C. Guarantee that library functions do not form invalid pointers
Buffer overflow from incorrect string format specifier STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
Buffer overflow from incorrect string format specifier STR03-C. Do not inadvertently truncate a string
Call to memset with unintended value INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
Character value absorbed into EOF FIO34-C. Distinguish between characters read from a file and EOF or WEOF
Closing a previously closed resource FIO46-C. Do not access a closed file
Command executed from an externally controlled path ENV33-C. Do not call system()
Command executed from externally controlled path STR02-C. Sanitize data passed to complex subsystems
Constant block cipher initialization vector MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
Constant cipher key MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
Copy of overlapping memory EXP43-C. Avoid undefined behavior when using restrict-qualified pointers
Data race CON32-C. Prevent data races when accessing bit-fields from multiple threads
Data race CON43-C. Do not allow data races in multithreaded code
Data race POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
Data race CON09-C. Avoid the ABA problem when using lock-free algorithms
Data race through standard library function call CON33-C. Avoid race conditions when using library functions
Dead code MSC01-C. Strive for logical completeness
Dead code MSC07-C. Detect and remove dead code
Dead code MSC12-C. Detect and remove code that has no effect or is never executed
Deadlock CON35-C. Avoid deadlock by locking in a predefined order
Deadlock POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
Deallocation of previously deallocated pointer MEM30-C. Do not access freed memory
Deallocation of previously deallocated pointer MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
Declaration mismatch DCL40-C. Do not create incompatible declarations of the same function or object
Declaration mismatch EXP37-C. Call functions with the correct number and type of arguments
Destination buffer overflow in string manipulation ARR38-C. Guarantee that library functions do not form invalid pointers
Destination buffer overflow in string manipulation
STR38
STR31-C.
Do not
Guarantee that storage for strings has sufficient space for character data and the null terminator
Destination buffer overflow in string manipulation STR38-C. Do not confuse narrow and wide character strings and functions
Destination buffer overflow in string manipulation ENV01-C. Do not make assumptions about the size of an environment variable
Destination buffer overflow in string manipulation STR07-C. Use the bounds-checking interfaces for string manipulation
Destination buffer underflow in string manipulation ARR38-C. Guarantee that library functions do not form invalid pointers
Destruction of locked mutex CON31-C. Do not destroy a mutex while it is locked
Destruction of locked mutex POS48-C. Do not unlock or destroy another POSIX thread's mutex
Deterministic random output from constant seed MSC32-C. Properly seed pseudorandom number generators
Double lock CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
Double unlock CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
Environment pointer invalidated by previous operation ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
Errno not checked ERR33-C. Detect and handle standard library errors
Errno not reset ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure
Execution of externally controlled command ENV33-C. Do not call system()
Execution of externally controlled command STR02-C. Sanitize data passed to complex subsystems
File access between time of check and use (TOCTOU) FIO45-C. Avoid TOCTOU race conditions while accessing files
File access between time of check and use (TOCTOU) POS35-C. Avoid race conditions while checking for the existence of a symbolic link
File access between time of check and use (TOCTOU) FIO01-C. Be careful using functions that use file names for identification
File descriptor exposure to child process POS38-C. Beware of race conditions when using fork and file descriptors
File manipulation after chroot() without chdir("/") POS05-C. Limit access to files by creating a jail
Float conversion overflow FLP34-C. Ensure that floating-point conversions are within range of the new type
Float conversion overflow FLP03-C. Detect and handle floating-point errors
Float division by zero FLP03-C. Detect and handle floating-point errors
Float overflow FLP03-C. Detect and handle floating-point errors
Float overflow FLP06-C. Convert integers to floating point for floating-point operations
Format string specifiers and arguments mismatch EXP37-C. Call functions with the correct number and type of arguments
Format string specifiers and arguments mismatch DCL11-C. Understand the type issues associated with variadic functions
Function called from signal-handler not asynchronous safe SIG30-C. Call only asynchronous-safe functions within signal handlers
Guarantee that storage for strings has sufficient space for character data and null terminator
Function called from signal-handler not asynchronous safe SIG30-C. Call only asynchronous-safe functions within signal handlers
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
Hard coded buffer size DCL06-C. Use meaningful symbolic constants to represent literal values
Hard coded loop boundary DCL06-C. Use meaningful symbolic constants to represent literal values
Hard-coded object size used to manipulate memory EXP09-C. Use sizeof to determine the size of a type or variable
Improper array initialization ARR00-C. Understand how arrays work
Improper array initialization ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer
Incorrect data type passed to va_arg EXP47-C. Do not call va_arg with an argument of the incorrect type
Incorrect pointer scaling ARR39-C. Do not add or subtract a scaled integer to a pointer
Incorrect pointer scaling EXP08-C. Ensure pointer arithmetic is used correctly
Information leak via structure padding DCL39-C. Avoid information leakage when passing a structure across a trust boundary
Inline constraint not respected MSC40-C. Do not violate constraints
Integer conversion overflow INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
Integer conversion overflow FLP34-C. Ensure that floating-point conversions are within range of the new type
Integer conversion overflow INT02-C. Understand integer conversion rules
Integer conversion overflow INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
Integer division by zero INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
Integer overflow INT32-C. Ensure that operations on signed integers do not result in overflow
Integer overflow INT00-C. Understand the data model used by your implementation(s)
Integer overflow INT02-C. Understand integer conversion rules
Integer overflow INT08-C. Verify that all integer values are in range
Integer overflow INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
Invalid assumptions about memory organization ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
Invalid file position FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
Invalid free of pointer MEM34-C. Only free memory allocated dynamically
Invalid free of pointer MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
Invalid use of = operator EXP45-C. Do not perform assignments in selection statements
Invalid use of standard library floating point routine FLP32-C. Prevent or detect domain and range errors in math functions
Invalid use of standard library floating point routine FLP03-C. Detect and handle floating-point errors
Invalid use of standard library
memory
integer routine
ARR38
STR37-C.
Guarantee that library functions do not form invalid pointers
Arguments to character-handling functions must be representable as an unsigned char
Invalid use of standard library memory routine
API00
EXP34-C.
Functions should validate their parameters
Do not dereference null pointers
Invalid use of standard library memory routine
API00-C. Functions should validate their parameters Invalid use of standard library string routine
ARR38-C. Guarantee that library functions do not form invalid pointers
Invalid use of standard library
string
memory routine
STR32
ARR39-C. Do not
pass a non-null-terminated character sequence to a library function that expects a string
add or subtract a scaled integer to a pointer
Invalid use of standard library memory routine API00-C. Functions should validate their parameters
Invalid use of standard library
string
routine API00-C. Functions should validate their parameters
Invalid
va_list argument MSC39
use of standard library string routine ARR38-C.
Do not call va_arg() on a va_list that has an indeterminate value
Guarantee that library functions do not form invalid pointers
Invalid use of standard library string routine STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
Invalid use of standard library string routine STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
Invalid use of standard library string routine MEM30-C. Do not access freed memory
Invalid use of standard library string routine API00-C. Functions should validate their parameters
Invalid va_list argument MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value
Library loaded from externally controlled path STR02-C. Sanitize data passed to complex subsystems
Library loaded from externally controlled path WIN00-C. Be specific when dynamically loading libraries
Load of library from a relative path can be controlled by an external actor WIN00-C. Be specific when dynamically loading libraries
Loop bounded with tainted value INT04-C. Enforce limits on integer values originating from tainted sources
Loop bounded with tainted value MSC21-C. Use robust loop termination conditions
Memory allocated with tainted size ARR32-C. Ensure size arguments for variable length arrays are in a valid range
Memory allocation with tainted size MEM35-C. Allocate sufficient memory for an object
Memory allocation with tainted size INT04-C. Enforce limits on integer values originating from tainted sources
Memory allocation with tainted size MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap
Memory allocation with tainted size MEM10-C. Define and use a pointer validation function
Memory allocation with tainted size
Library loaded from externally controlled path STR02-C. Sanitize data passed to complex subsystems Library loaded from externally controlled path WIN00-C. Be specific when dynamically loading libraries Load of library from a relative path can be controlled by an external actor WIN00-C. Be specific when dynamically loading libraries Loop bounded with tainted value INT04-C. Enforce limits on integer values originating from tainted sources Loop bounded with tainted value MSC21-C. Use robust loop termination conditions Memory allocation with tainted size MEM35-C. Allocate sufficient memory for an object Memory allocation with tainted size INT04-C. Enforce limits on integer values originating from tainted sources Memory allocation with tainted size MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap Memory allocation with tainted size MEM10-C. Define and use a pointer validation function Memory allocation with tainted size MEM11-C. Do not assume infinite heap space Memory comparison of float-point values FLP37-C. Do not use object representations to compare floating-point values Memory comparison of padding data EXP42-C. Do not compare padding data Memory leak MEM31-C. Free dynamically allocated memory when no longer needed Memory leak
MEM11-C. Do not assume infinite heap space
Memory
leak MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources Mismatch between data length and size
comparison of float-point values FLP37-C. Do not use object representations to compare floating-point values
Memory comparison of padding data EXP42-C. Do not compare padding data
Memory leak MEM31-C. Free dynamically allocated memory when no longer needed
Memory leak MEM11-C. Do not assume infinite heap space
Memory leak MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
Mismatch between data length and size ARR38-C. Guarantee that library functions do not form invalid pointers
Mismatched alloc/dealloc functions on Windows WIN30-C. Properly pair allocation and deallocation functions
MISRA C:2012 Dir 4.13 MEM30-
MISRA2012-DIR-1_1 FLP30-
C. Do not
use floating-point variables as loop counters MISRA2012-RULE-8_1 DCL31-C. Declare identifiers before using them MISRA2012-RULE-8_2
access freed memory
MISRA C:2012 Directive 4.5 DCL02-C. Use visually distinct identifiers
MISRA C:2012 Directive 4.14 EXP34
DCL36
-C. Do not
declare an identifier with conflicting linkage classifications
dereference null pointers
MISRA C:2012 Rule 5.1 DCL40-C. Do not create incompatible declarations of the same function or object
MISRA C:2012 Rule 5.3 DCL01-C. Do not reuse variable names in subscopes
MISRA C:2012 Rule 8.1 DCL31-C. Declare identifiers before using them
MISRA C:2012 Rule 8.2
MISRA2012-RULE-8_4 DCL36-C. Do not declare an identifier with conflicting linkage classifications MISRA2012-RULE-8_8
DCL36-C. Do not declare an identifier with conflicting linkage classifications
MISRA2012-RULE-13_
MISRA C:2012 Rule 8.2
PRE31
DCL07-C.
Avoid side effects in arguments to unsafe macros
Include the appropriate type information in function declarators
MISRA C:2012 Rule 8.3 DCL40
MISRA2012-RULE-13_2 EXP30
-C. Do not
depend on the order of evaluation for side effects
create incompatible declarations of the same function or object
MISRA C:2012 Rule 8.3 EXP37-C. Call functions with the correct number and type of arguments
MISRA C:2012 Rule 8.4 DCL36-C. Do not declare an identifier with conflicting linkage classifications
MISRA C:2012 Rule 8.8
MISRA2012-RULE-14_1 FLP30-C. Do not use floating-point variables as loop counters MISRA2012-RULE-17_3 DCL31-C. Declare identifiers before using them MISRA2012-RULE-17_3
DCL36-C. Do not declare an identifier with conflicting linkage classifications
MISRA2012-RULE-21_1 DCL37-C. Do not declare or define a reserved identifier MISRA2012-RULE-21_2
MISRA C:2012 Rule 8.11 ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer
MISRA C:2012 Rule 8.14 EXP43-C. Avoid undefined behavior when using restrict-qualified pointers
MISRA C:2012 Rule 9.5 ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer
MISRA C:2012 Rule 10.1 EXP46-C. Do not use a bitwise operator with a Boolean-like operand
MISRA C:2012 Rule 10.1 INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
MISRA C:2012 Rule 10.3 INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
MISRA C:2012 Rule 10.4 INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
MISRA C:2012 Rule 10.6 INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
MISRA C:2012 Rule 10.7 INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
MISRA C:2012 Rule 11.1 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA C:2012 Rule 11.1 EXP37-C. Call functions with the correct number and type of arguments
MISRA C:2012 Rule 11.1 DCL07-C. Include the appropriate type information in function declarators
MISRA C:2012 Rule 11.2 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA C:2012 Rule 11.3 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA C:2012 Rule 11.3 EXP39-C. Do not access a variable through a pointer of an incompatible type
MISRA C:2012 Rule 11.5 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA C:2012 Rule 11.6 INT36-C. Converting a pointer to integer or integer to pointer
MISRA C:2012 Rule 11.7 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA C:2012 Rule 11.8 EXP32-C. Do not access a volatile object through a nonvolatile reference
MISRA C:2012 Rule 12.5 ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
MISRA C:2012 Rule 13.2 PRE31-C. Avoid side effects in arguments to unsafe macros
MISRA C:2012 Rule 13.2 EXP30-C. Do not depend on the order of evaluation for side effects
MISRA C:2012 Rule 13.6 EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
MISRA C:2012 Rule 14.1 FLP30-C. Do not use floating-point variables as loop counters
MISRA C:2012 Rule 16.1 DCL41-C. Do not declare variables inside a switch statement before the first case label
MISRA C:2012 Rule 17.3 DCL31-C. Declare identifiers before using them
MISRA C:2012 Rule 17.3 DCL36-C. Do not declare an identifier with conflicting linkage classifications
MISRA C:2012 Rule 17.3 EXP37-C. Call functions with the correct number and type of arguments
MISRA C:2012 Rule 17.7 ERR33-C. Detect and handle standard library errors
MISRA C:2012 Rule 18.1 ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
MISRA C:2012 Rule 18.1 ARR39-C. Do not add or subtract a scaled integer to a pointer
MISRA C:2012 Rule 18.2 ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
MISRA C:2012 Rule 18.6 DCL30-C. Declare objects with appropriate storage durations
MISRA C:2012 Rule 18.6 MEM30-C. Do not access freed memory
MISRA C:2012 Rule 21.1 DCL37-C. Do not declare or define a reserved identifier
MISRA C:2012 Rule 21.2 DCL37-C. Do not declare or define a reserved identifier
MISRA C:2012 Rule 21.16 EXP42-C. Do not compare padding data
MISRA C:2012 Rule 21.17 STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
MISRA C:2012 Rule 21.19 ENV30-C. Do not modify the object referenced by the return value of certain functions
MISRA C:2012 Rule 22.1 MEM30-C. Do not access freed memory
MISRA C:2012 Rule 22.1 FIO42-C. Close files when they are no longer needed
MISRA C:2012 Rule 22.2 MEM30-C. Do not access freed memory
MISRA C:2012 Rule 22.2 MEM34-C. Only free memory allocated dynamically
MISRA C:2012 Rule 22.7 FIO34-C. Distinguish between characters read from a file and EOF or WEOF
MISRA C:2012 Rule 22.8 ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure
MISRA C:2012 Rule 22.9 ERR33-C. Detect and handle standard library errors
MISRA C:2012 Rule 22.10 ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure
DCL37-C. Do not declare or define a reserved identifier
Missing break of switch case MSC17-C. Finish every set of statements associated with a case label with a break statement
Missing byte reordering when transferring data POS39-C. Use the correct byte ordering when transferring data between systems
Missing case for switch condition MSC01-C. Strive for logical completeness
Missing case for switch condition MSC07-C. Detect and remove dead code
Missing lock CON01-C. Acquire and release synchronization primitives in
the same module, at the same level of abstraction
the same module, at the same level of abstraction
Missing null in string array STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
Missing null in string array STR11-C. Do not specify the bound of a character array initialized with a string literal
Missing reset of a freed pointer MEM01-C. Store a new value in pointers immediately after free()
Missing return statement MSC37-C. Ensure that control never reaches the end of a non-void function
Missing unlock CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
Missing unlock MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
Misuse of a FILE object FIO38-C. Do not copy a FILE object
Misuse of errno ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure
Misuse of errno in a signal handler ERR32-C. Do not rely on indeterminate values of errno
Misuse of readlink() POS30-C. Use the readlink() function properly
Misuse of return value from nonreentrant standard function ENV34-C. Do not store pointers returned by certain functions
Misuse of sign-extended character value STR34-C. Cast characters to unsigned char before converting to larger integer sizes
Misuse of sign-extended character value STR37-C. Arguments to character-handling functions must be representable as an unsigned char
Misuse of structure with flexible-array member MEM33-C. Allocate and copy structures containing a flexible array member dynamically
Modification of internal buffer returned from nonreentrant standard function ENV30-C. Do not modify the object referenced by the return value of certain functions
Modification of internal buffer returned from nonreentrant standard function STR06-C. Do not assume that strtok() leaves the parse string unchanged
Non-initialized pointer EXP33-C. Do not read uninitialized memory
Non-initialized variable EXP33-C. Do not read uninitialized memory
Non-initialized variable MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value
Null pointer EXP34-C. Do not dereference null pointers
Opening previously opened resource FIO24-C. Do not open a file that is already open
Pointer access out of bounds EXP39-C. Do not access a variable through a pointer of an incompatible type
Pointer access out of bounds ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
Pointer access out of bounds ARR38-C. Guarantee that library functions do not form invalid pointers
Pointer access out of bounds ARR39-C. Do not add or subtract a scaled integer to a pointer
Pointer access out of bounds STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
Pointer access out of bounds MEM35-C. Allocate sufficient memory for an object
Pointer access out of bounds API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
Pointer access out of bounds EXP08-C. Ensure pointer arithmetic is used correctly
Pointer dereference with tainted offset ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
Pointer dereference with tainted offset API02-C. Functions that read or write to or
array subscripts
from an array should take an argument to specify the source or target size
Pointer or reference to stack variable leaving scope DCL30-C. Declare objects with appropriate storage durations
Possible misuse of sizeof ARR38-C. Guarantee that library functions do not form invalid pointers
Possible misuse of sizeof ARR39-C. Do not add or subtract a scaled integer to a pointer
Possible misuse of sizeof ARR00-C. Understand how arrays work
Possible misuse of sizeof ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
Possibly unintended evaluation of expression because of operator precedence rules EXP00-C. Use parentheses for precedence of operation
Possibly unintended evaluation of expression because of operator precedence rules EXP13-C. Treat relational and equality operators as if they were nonassociative
Predefined macro used as object MSC38-C. Do not treat a predefined identifier as an object if it might only be implemented as a macro
predictable cipher key MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
Predictable random output from predictable seed MSC32-C. Properly seed pseudorandom number generators
Preprocessor directive in macro argument PRE32-C. Do not use preprocessor directives in invocations of function-like macros
Privilege drop not verified POS37-C. Ensure that privilege relinquishment is successful
Qualifier removed in conversion EXP32-C. Do not access a volatile object through a nonvolatile reference
Qualifier removed in conversion EXP37-C. Call functions with the correct number and type of arguments
Qualifier removed in conversion EXP05-C. Do not cast away a const qualification
Resource leak FIO42-C. Close files when they are no longer needed
Resource leak MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
Return from computational exception signal handler SIG35-C. Do not return from a computational exception signal handler
Returned
Return value of a sensitive function not checked ERR33-C. Detect and handle standard library errors
Returned value of a sensitive function not checked POS54-C. Detect and handle POSIX library errors
Returned value of a sensitive function not checked EXP12-C. Do not ignore values returned by functions
Sensitive data printed out MEM06-C. Ensure that sensitive data is not written out to disk
Sensitive heap memory not cleared before release MEM03-C. Clear sensitive information stored in reusable resources
Sensitive heap memory not cleared before release MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
Shared data access within signal handler SIG31-C. Do not access shared objects in signal handlers
Shift of a negative value INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
Shift operation overflow INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
Side effect of expression ignored EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
Sign change integer conversion overflow INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
Signal call from within signal handler SIG34-C. Do not call signal() from within interruptible signal handlers
Standard function call with incorrect arguments EXP37-C. Call functions with the correct number and type of arguments
Standard function call with incorrect arguments STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
Standard function call with incorrect arguments FIO46-C. Do not access a closed file
Standard function call with incorrect arguments API00-C. Functions should validate their parameters
Stream argument with possibly unintended side effects FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
Subtraction or comparison between pointers to different arrays ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
Tainted Data Defects API00-C. Functions should validate their parameters
Tainted division operand INT32-C. Ensure that operations on signed integers do not result in overflow
Tainted division operand INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
Tainted modulo operand INT32-C. Ensure that operations on signed integers do not result in overflow
Tainted modulo operand INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
Tainted modulo operand INT10-C. Do not assume a positive remainder when using the % operator
Tainted NULL or non-null-terminated string STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
Tainted NULL or non-null-terminated string STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
Tainted NULL or non-null-terminated string ENV01-C. Do not make assumptions about the size of an environment variable
Tainted sign change conversion INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
Tainted sign change conversion INT02-C. Understand integer conversion rules
Tainted sign change conversion MEM04-C. Beware of zero-length allocations
Tainted sign change conversion MEM11-C. Do not assume infinite heap space
Tainted sign change conversion MSC21-C. Use robust loop termination conditions
Tainted size of variable length array ARR32-C. Ensure size arguments for variable length arrays are in a valid range
Tainted size of variable length array INT04-C. Enforce limits on integer values originating from tainted sources
Tainted size of variable length array MEM04-C. Beware of zero-length allocations
Tainted size of variable length array MEM05-C. Avoid large stack allocations
Tainted string format FIO30-C. Exclude user input from format strings
Too many va_arg calls for current argument list EXP47-C. Do not call va_arg with an argument of the incorrect type
Umask used with chmod-style arguments FIO06-C. Create files with appropriate access permissions
Uncleared sensitive data in stack MEM03-C. Clear sensitive information stored in reusable resources
Uncleared sensitive data in stack MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
Universal character name from token concatenation PRE30-C. Do not
create a universal character name through concatenation
create a universal character name through concatenation
Unprotected dynamic memory allocation ERR33-C. Detect and handle standard library errors
Unprotected dynamic memory allocation MEM10-C. Define and use a pointer validation function
Unprotected dynamic memory allocation MEM11-C. Do not assume infinite heap space
Unreachable code MSC01-C. Strive for logical completeness
Unreachable code MSC07-C. Detect and remove dead code
Unreachable code MSC12-C. Detect and remove code that has no effect or is never executed
Unreliable cast of function pointer EXP37-C. Call functions with the correct number and type of arguments
Unreliable cast of pointer EXP36-C. Do not cast pointers into more strictly aligned pointer types
Unreliable cast of pointer EXP39-C. Do not access a variable through a pointer of an incompatible type
Unreliable cast of pointer STR38-C. Do not confuse narrow and wide character strings and functions
Unsafe call to a system function ENV33-C. Do not call system()
Unsafe conversion between pointer and integer INT36-C. Converting a pointer to integer or integer to pointer
Unsafe conversion from string to numeric value ERR34-C. Detect errors when converting a string to a number
Unsafe standard encryption function MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
Unsigned integer conversion overflow INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
Unsigned integer conversion overflow FLP34-C. Ensure that floating-point conversions are within range of the new type
Unsigned integer conversion overflow INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
Unsigned integer overflow INT30-C. Ensure that unsigned integer operations do not wrap
Unsigned integer overflow INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
Unused parameter MSC13-C. Detect and remove unused values
Use of automatic variable as putenv-family function argument POS34-C. Do not call putenv()
with a pointer to an automatic variable as the argument
with a pointer to an automatic variable as the argument
Use of dangerous standard function STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
Use of dangerous standard function API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
Use of dangerous standard function ENV01-C. Do not make assumptions about the size of an environment variable
Use of dangerous standard function STR07-C. Use the bounds-checking interfaces for string manipulation
Use of indeterminate string FIO40-C. Reset strings on fgets() or fgetws() failure
Use of memset with size argument zero MSC12-C. Detect and remove code that has no effect or is never executed
Use of non-secure temporary file FIO03-C. Do not make assumptions about fopen() and file creation
Use of non-secure temporary file FIO21-C. Do not create temporary files in shared directories
Use of obsolete standard function MSC33-C. Do not pass invalid data to the asctime() function
Use of obsolete standard function POS33-C. Do not use vfork()
Use of obsolete standard function MSC24-C. Do not use deprecated or obsolescent functions
Use of plain char type for numerical value INT07-C. Use only explicitly signed or unsigned char type for numeric values
Use of previously closed resource FIO46-C. Do not access a closed file
Use of previously freed pointer MEM30-C. Do not access freed memory
Use of previously freed pointer MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
Use of setjmp/longjmp MSC22-C. Use the setjmp(), longjmp() facility securely
Use of tainted pointer EXP34-C. Do not dereference null pointers
Use of tainted pointer ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
Use of tainted pointer ARR38-C. Guarantee that library functions do not form invalid pointers
Use of tainted pointer API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
Use of tainted pointer MEM10-C. Define and use a pointer validation function
Variable length array with nonpositive size MEM04-C. Beware of zero-length allocations
Variable length array with nonpositive size MEM05-C. Avoid large stack allocations
Variable shadowing DCL01-C. Do not reuse variable names in subscopes
Vulnerable path manipulation FIO02-C. Canonicalize path names originating from tainted sources
Vulnerable permission assignments FIO06-C. Create files with appropriate access permissions
Vulnerable pseudo-random number generator MSC30-C. Do not use the rand() function for generating pseudorandom numbers
Write without a further read MSC13-C. Detect and remove unused values
Write without a further reads DCL22-C. Use volatile for data that cannot be cached
Writing to const qualified object EXP40-C. Do not modify constant objects
Writing to const qualified object STR30-C. Do not attempt to modify string literals
Writing to const qualified object STR05-C. Use pointers to const when referring to string literals
Writing to const qualified object STR06-C. Do not assume that strtok() leaves the parse string unchanged
Wrong allocated object size for cast EXP36-C. Do not cast pointers into more strictly aligned pointer types
Wrong allocated object size for cast STR38-C. Do not confuse narrow and wide character strings and functions
Wrong allocated object size for cast MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type
Wrong type used in sizeof MEM35-C. Allocate sufficient memory for an object
Wrong type used in sizeof ARR00-C. Understand how arrays work
Wrong type used in sizeof ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
Wrong type used in sizeof MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type