SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 98

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 99

changes.mady.by.user Jakub Zwolakowski

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added TrustInSoft Analyzer to the Automated Detection table.

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
error-information-unused
error-information-unused-computed		Partially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-ERR33
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.FUNCS.IRV

Ignored return value
Compass/ROSE

Can detect violations of this recommendation when checking for violations of EXP12-C. Do not ignore values returned by functions and EXP34-C. Do not dereference null pointers

Coverity
Include Page
Coverity_V
Coverity_V

MISRA C 2012 Rule 22.8

MISRA C 2012 Rule 22.9

MISRA C 2012 Rule 22.10

Implemented
LDRA tool suite
Include Page
LDRA_V
LDRA_V

80 D

Partially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-ERR33-a
CERT_C-ERR33-b
CERT_C-ERR33-c
CERT_C-ERR33-d

The value returned by a function having non-void return type shall be used
The value returned by a function having non-void return type shall be used
Avoid null pointer dereferencing
Always check the returned value of non-void function

Parasoft Insure++

Runtime analysis

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

Errno not checked

Return value of a sensitive function not checked

Unprotected dynamic memory allocation

MISRA C:2012 Rule 17.7

MISRA C:2012 Rule 22.9

errno is not checked for error conditions following function call

Sensitive functions called without checking for unexpected return values and errors

Pointer returned from dynamic allocation not checked for NULL value

The value returned by a function having non-void return type shall be used

The value of errno shall be tested against zero after calling an errno-setting function

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v

3200

Partially implemented
PRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_V
cplusplus:PRQA QA-C++_V

2820, 2821, 2822, 2823, 2824, 2930, 2931,

2932, 2933, 2934, 3802, 3803, 3804


RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

error-information-unusedPartially checked
TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

pointer arithmeticExhaustively verified.

Related Vulnerabilities

The vulnerability in Adobe Flash [VU#159523] arises because Flash neglects to check the return value from calloc(). Even when calloc() returns a null pointer, Flash writes to an offset from the return value. Dereferencing a null pointer usually results in a program crash, but dereferencing an offset from a null pointer allows an exploit to succeed without crashing the program.

...