Checker | Guideline |
---|
Abnormal termination of exit handler | ENV32-C. All exit handlers must return normally |
Absorption of float operand | FLP00-C. Understand the limitations of floating-point numbers |
Accessing object with temporary lifetime | EXP35-C. Do not modify objects with temporary lifetime |
Alignment changed after memory allocation | MEM36-C. Do not modify the alignment of objects by calling realloc() |
Alternating input and output from a stream without flush or positioning call | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
Arithmetic operation with NULL pointer | EXP34-C. Do not dereference null pointers |
Array access out of bounds | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
Array access out of bounds | ARR38-C. Guarantee that library functions do not form invalid pointers |
Array access out of bounds | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
Array access out of bounds | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
Array access out of bounds | ARR00-C. Understand how arrays work |
Array access out of bounds | MSC15-C. Do not depend on undefined behavior |
Array access with tainted index | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
Array access with tainted index | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
Array access with tainted index | INT04-C. Enforce limits on integer values originating from tainted sources |
Bad file access mode or status | EXP37-C. Call functions with the correct number and type of arguments |
Bad file access mode or status | FIO11-C. Take care when specifying the mode parameter of fopen() |
Bad order of dropping privileges | POS36-C. Observe correct revocation order while relinquishing privileges |
Bitwise and arithmetic operation on the same data | INT14-C. Avoid performing bitwise and arithmetic operations on the same data |
Bitwise operation on negative value | INT13-C. Use bitwise operators only on unsigned operands |
Buffer overflow from incorrect string format specifier | ARR38-C. Guarantee that library functions do not form invalid pointers |
Buffer overflow from incorrect string format specifier | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
Buffer overflow from incorrect string format specifier | STR03-C. Do not inadvertently truncate a string |
Call to memset with unintended value | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
Character value absorbed into EOF | FIO34-C. Distinguish between characters read from a file and EOF or WEOF |
Closing a previously closed resource | FIO46-C. Do not access a closed file |
Command executed from an externally controlled path | ENV33-C. Do not call system() |
Command executed from externally controlled path | STR02-C. Sanitize data passed to complex subsystems |
Constant block cipher initialization vector | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
Constant cipher key | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
Copy of overlapping memory | EXP43-C. Avoid undefined behavior when using restrict-qualified pointers |
Copy of overlapping memory | MSC15-C. Do not depend on undefined behavior |
Data race | CON32-C. Prevent data races when accessing bit-fields from multiple threads |
Data race | CON43-C. Do not allow data races in multithreaded code |
Data race | POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed |
Data race | CON09-C. Avoid the ABA problem when using lock-free algorithms |
Data race through standard library function call | CON33-C. Avoid race conditions when using library functions |
Dead code | MSC01-C. Strive for logical completeness |
Dead code | MSC07-C. Detect and remove dead code |
Dead code | MSC12-C. Detect and remove code that has no effect or is never executed |
Deadlock | CON35-C. Avoid deadlock by locking in a predefined order |
Deadlock | POS51-C. Avoid deadlock with POSIX threads by locking in predefined order |
Deallocation of previously deallocated pointer | MEM30-C. Do not access freed memory |
Deallocation of previously deallocated pointer | MEM00-C. Allocate and free memory in the same module, at the same level of abstraction |
Declaration mismatch | DCL40-C. Do not create incompatible declarations of the same function or object |
Declaration mismatch | EXP37-C. Call functions with the correct number and type of arguments |
Declaration mismatch | MSC15-C. Do not depend on undefined behavior |
Destination buffer overflow in string manipulation | ARR38-C. Guarantee that library functions do not form invalid pointers |
Destination buffer overflow in string manipulation | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
Destination buffer overflow in string manipulation | STR38-C. Do not confuse narrow and wide character strings and functions |
Destination buffer overflow in string manipulation | ENV01-C. Do not make assumptions about the size of an environment variable |
Destination buffer overflow in string manipulation | STR07-C. Use the bounds-checking interfaces for string manipulation |
Destination buffer underflow in string manipulation | ARR38-C. Guarantee that library functions do not form invalid pointers |
Destruction of locked mutex | CON31-C. Do not destroy a mutex while it is locked |
Destruction of locked mutex | POS48-C. Do not unlock or destroy another POSIX thread's mutex |
Deterministic random output from constant seed | MSC32-C. Properly seed pseudorandom number generators |
Double lock | CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction |
Double unlock | CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction |
Environment pointer invalidated by previous operation | ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it |
Errno not checked | ERR33-C. Detect and handle standard library errors |
Errno not reset | ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure |
Execution of externally controlled command | ENV33-C. Do not call system() |
Execution of externally controlled command | STR02-C. Sanitize data passed to complex subsystems |
File access between time of check and use (TOCTOU) | FIO45-C. Avoid TOCTOU race conditions while accessing files |
File access between time of check and use (TOCTOU) | POS35-C. Avoid race conditions while checking for the existence of a symbolic link |
File access between time of check and use (TOCTOU) | FIO01-C. Be careful using functions that use file names for identification |
File descriptor exposure to child process | POS38-C. Beware of race conditions when using fork and file descriptors |
File manipulation after chroot() without chdir("/") | POS05-C. Limit access to files by creating a jail |
Float conversion overflow | FLP34-C. Ensure that floating-point conversions are within range of the new type |
Float conversion overflow | FLP03-C. Detect and handle floating-point errors |
Float division by zero | FLP03-C. Detect and handle floating-point errors |
Float overflow | FLP03-C. Detect and handle floating-point errors |
Float overflow | FLP06-C. Convert integers to floating point for floating-point operations |
Floating point comparison with equality operators | FLP02-C. Avoid using floating-point numbers when precise computation is needed |
Format string specifiers and arguments mismatch | EXP37-C. Call functions with the correct number and type of arguments |
Format string specifiers and arguments mismatch | DCL10-C. Maintain the contract between the writer and caller of variadic functions |
Format string specifiers and arguments mismatch | DCL11-C. Understand the type issues associated with variadic functions |
Format string specifiers and arguments mismatch | INT00-C. Understand the data model used by your implementation(s) |
Format string specifiers and arguments mismatch | MSC15-C. Do not depend on undefined behavior |
Function called from signal-handler not asynchronous safe | SIG30-C. Call only asynchronous-safe functions within signal handlers |
Function called from signal-handler not asynchronous safe (strict) | SIG30-C. Call only asynchronous-safe functions within signal handlers |
Hard coded buffer size | DCL06-C. Use meaningful symbolic constants to represent literal values |
Hard coded loop boundary | DCL06-C. Use meaningful symbolic constants to represent literal values |
Hard-coded object size used to manipulate memory | EXP09-C. Use sizeof to determine the size of a type or variable |
Improper array initialization | ARR00-C. Understand how arrays work |
Improper array initialization | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
Incorrect data type passed to va_arg | EXP47-C. Do not call va_arg with an argument of the incorrect type |
Incorrect pointer scaling | ARR39-C. Do not add or subtract a scaled integer to a pointer |
Incorrect pointer scaling | EXP08-C. Ensure pointer arithmetic is used correctly |
Information leak via structure padding | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
Inline constraint not respected | MSC40-C. Do not violate constraints |
Integer conversion overflow | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
Integer conversion overflow | FLP34-C. Ensure that floating-point conversions are within range of the new type |
Integer conversion overflow | INT02-C. Understand integer conversion rules |
Integer conversion overflow | INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression |
Integer conversion overflow | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
Integer division by zero | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
Integer overflow | INT32-C. Ensure that operations on signed integers do not result in overflow |
Integer overflow | INT00-C. Understand the data model used by your implementation(s) |
Integer overflow | INT02-C. Understand integer conversion rules |
Integer overflow | INT08-C. Verify that all integer values are in range |
Integer overflow | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
Integer overflow | MSC15-C. Do not depend on undefined behavior |
Invalid assumptions about memory organization | ARR37-C. Do not add or subtract an integer to a pointer to a non-array object |
Invalid file position | FIO44-C. Only use values for fsetpos() that are returned from fgetpos() |
Invalid free of pointer | MEM34-C. Only free memory allocated dynamically |
Invalid free of pointer | MEM00-C. Allocate and free memory in the same module, at the same level of abstraction |
Invalid use of = operator | EXP45-C. Do not perform assignments in selection statements |
Invalid use of standard library floating point routine | FLP32-C. Prevent or detect domain and range errors in math functions |
Invalid use of standard library floating point routine | FLP03-C. Detect and handle floating-point errors |
Invalid use of standard library integer routine | STR37-C. Arguments to character-handling functions must be representable as an unsigned char |
Invalid use of standard library memory routine | EXP34-C. Do not dereference null pointers |
Invalid use of standard library memory routine | ARR38-C. Guarantee that library functions do not form invalid pointers |
Invalid use of standard library memory routine | ARR39-C. Do not add or subtract a scaled integer to a pointer |
Invalid use of standard library memory routine | API00-C. Functions should validate their parameters |
Invalid use of standard library memory routine | EXP08-C. Ensure pointer arithmetic is used correctly |
Invalid use of standard library memory routine | MSC15-C. Do not depend on undefined behavior |
Invalid use of standard library routine | API00-C. Functions should validate their parameters |
Invalid use of standard library routine | MSC15-C. Do not depend on undefined behavior |
Invalid use of standard library string routine | ARR38-C. Guarantee that library functions do not form invalid pointers |
Invalid use of standard library string routine | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
Invalid use of standard library string routine | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
Invalid use of standard library string routine | MEM30-C. Do not access freed memory |
Invalid use of standard library string routine | API00-C. Functions should validate their parameters |
Invalid use of standard library string routine | MSC15-C. Do not depend on undefined behavior |
Invalid va_list argument | MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value |
Library loaded from externally controlled path | STR02-C. Sanitize data passed to complex subsystems |
Library loaded from externally controlled path | WIN00-C. Be specific when dynamically loading libraries |
Load of library from a relative path can be controlled by an external actor | WIN00-C. Be specific when dynamically loading libraries |
Loop bounded with tainted value | INT04-C. Enforce limits on integer values originating from tainted sources |
Loop bounded with tainted value | MSC21-C. Use robust loop termination conditions |
Memory allocated with tainted size | ARR32-C. Ensure size arguments for variable length arrays are in a valid range |
Memory allocation with tainted size | MEM35-C. Allocate sufficient memory for an object |
Memory allocation with tainted size | INT04-C. Enforce limits on integer values originating from tainted sources |
Memory allocation with tainted size | MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap |
Memory allocation with tainted size | MEM10-C. Define and use a pointer validation function |
Memory allocation with tainted size | MEM11-C. Do not assume infinite heap space |
Memory comparison of float-point values | FLP37-C. Do not use object representations to compare floating-point values |
Memory comparison of padding data | EXP42-C. Do not compare padding data |
Memory leak | MEM31-C. Free dynamically allocated memory when no longer needed |
Memory leak | MEM11-C. Do not assume infinite heap space |
Memory leak | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources |
Mismatch between data length and size | ARR38-C. Guarantee that library functions do not form invalid pointers |
Mismatched alloc/dealloc functions on Windows | WIN30-C. Properly pair allocation and deallocation functions |
MISRA C:2012 Dir 4.5 | DCL02-C. Use visually distinct identifiers |
MISRA C:2012 Dir 4.6 | INT00-C. Understand the data model used by your implementation(s) |
MISRA C:2012 Dir 4.8 | DCL12-C. Implement abstract data types using opaque types |
MISRA C:2012 Dir 4.9 | PRE00-C. Prefer inline or static functions to function-like macros |
MISRA C:2012 Dir 4.10 | PRE06-C. Enclose header files in an include guard |
MISRA C:2012 Dir 4.13 | MEM30-C. Do not access freed memory |
MISRA C:2012 Dir 4.14 | INT04-C. Enforce limits on integer values originating from tainted sources |
MISRA C:2012 Dir 4.14 | INT10-C. Do not assume a positive remainder when using the % operator |
MISRA C:2012 Dir 4.14 | STR02-C. Sanitize data passed to complex subsystems |
MISRA C:2012 Directive 4.14 | EXP34-C. Do not dereference null pointers |
MISRA C:2012 Rule 1.2 | MSC04-C. Use comments consistently and in a readable fashion |
MISRA C:2012 Rule 2.1 | MSC07-C. Detect and remove dead code |
MISRA C:2012 Rule 2.1 | MSC12-C. Detect and remove code that has no effect or is never executed |
MISRA C:2012 Rule 2.2 | DCL22-C. Use volatile for data that cannot be cached |
MISRA C:2012 Rule 2.2 | MSC12-C. Detect and remove code that has no effect or is never executed |
MISRA C:2012 Rule 3.1 | MSC04-C. Use comments consistently and in a readable fashion |
MISRA C:2012 Rule 4.2 | PRE07-C. Avoid using repeated question marks |
MISRA C:2012 Rule 5.1 | DCL40-C. Do not create incompatible declarations of the same function or object |
MISRA C:2012 Rule 5.1 | DCL23-C. Guarantee that mutually visible identifiers are unique |
MISRA C:2012 Rule 5.2 | DCL23-C. Guarantee that mutually visible identifiers are unique |
MISRA C:2012 Rule 5.3 | DCL01-C. Do not reuse variable names in subscopes |
MISRA C:2012 Rule 5.3 | DCL23-C. Guarantee that mutually visible identifiers are unique |
MISRA C:2012 Rule 5.4 | DCL23-C. Guarantee that mutually visible identifiers are unique |
MISRA C:2012 Rule 5.5 | DCL23-C. Guarantee that mutually visible identifiers are unique |
MISRA C:2012 Rule 6.1 | INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression |
MISRA C:2012 Rule 7.1 | DCL18-C. Do not begin integer constants with 0 when specifying a decimal value |
MISRA C:2012 Rule 7.3 | DCL16-C. Use "L," not "l," to indicate a long value |
MISRA C:2012 Rule 8.1 | DCL31-C. Declare identifiers before using them |
MISRA C:2012 Rule 8.2 | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
MISRA C:2012 Rule 8.2 | DCL07-C. Include the appropriate type information in function declarators |
MISRA C:2012 Rule 8.2 | DCL20-C. Explicitly specify void when a function accepts no arguments |
MISRA C:2012 Rule 8.3 | DCL40-C. Do not create incompatible declarations of the same function or object |
MISRA C:2012 Rule 8.3 | EXP37-C. Call functions with the correct number and type of arguments |
MISRA C:2012 Rule 8.4 | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
MISRA C:2012 Rule 8.7 | DCL15-C. Declare file-scope objects or functions that do not need external linkage as static |
MISRA C:2012 Rule 8.7 | DCL19-C. Minimize the scope of variables and functions |
MISRA C:2012 Rule 8.8 | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
MISRA C:2012 Rule 8.8 | DCL15-C. Declare file-scope objects or functions that do not need external linkage as static |
MISRA C:2012 Rule 8.9 | DCL19-C. Minimize the scope of variables and functions |
MISRA C:2012 Rule 8.11 | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
MISRA C:2012 Rule 8.12 | INT09-C. Ensure enumeration constants map to unique values |
MISRA C:2012 Rule 8.13 | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
MISRA C:2012 Rule 8.14 | EXP43-C. Avoid undefined behavior when using restrict-qualified pointers |
MISRA C:2012 Rule 9.5 | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
MISRA C:2012 Rule 10.1 | EXP46-C. Do not use a bitwise operator with a Boolean-like operand |
MISRA C:2012 Rule 10.1 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
MISRA C:2012 Rule 10.1 | INT02-C. Understand integer conversion rules |
MISRA C:2012 Rule 10.1 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
MISRA C:2012 Rule 10.1 | INT13-C. Use bitwise operators only on unsigned operands |
MISRA C:2012 Rule 10.1 | INT16-C. Do not make assumptions about representation of signed integers |
MISRA C:2012 Rule 10.1 | STR04-C. Use plain char for characters in the basic character set |
MISRA C:2012 Rule 10.2 | STR04-C. Use plain char for characters in the basic character set |
MISRA C:2012 Rule 10.3 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
MISRA C:2012 Rule 10.3 | FLP06-C. Convert integers to floating point for floating-point operations |
MISRA C:2012 Rule 10.3 | INT02-C. Understand integer conversion rules |
MISRA C:2012 Rule 10.3 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
MISRA C:2012 Rule 10.3 | STR04-C. Use plain char for characters in the basic character set |
MISRA C:2012 Rule 10.4 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
MISRA C:2012 Rule 10.4 | INT02-C. Understand integer conversion rules |
Array access out of bounds | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
Array access out of bounds | ARR00-C. Understand how arrays work |
Array access with tainted index | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
C | DCL37-C. Do not declare or define a reserved identifier |
CERT C: MSC01-C | MSC01-C. Strive for logical completeness |
CERT C: Rec. ARR01-C | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array |
CERT C: Rec. ARR02-C | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
CERT C: Rec. CON01-C | CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction |
CERT C: Rec. CON05-C | CON05-C. Do not perform operations that can block while holding a lock |
CERT C: Rec. DCL01-C | DCL01-C. Do not reuse variable names in subscopes |
CERT C: Rec. DCL02-C | DCL02-C. Use visually distinct identifiers |
CERT C: Rec. DCL06-C | DCL06-C. Use meaningful symbolic constants to represent literal values |
CERT C: Rec. DCL07-C | DCL07-C. Include the appropriate type information in function declarators |
CERT C: Rec. DCL10-C | DCL10-C. Maintain the contract between the writer and caller of variadic functions |
CERT C: Rec. DCL11-C | DCL11-C. Understand the type issues associated with variadic functions |
CERT C: Rec. DCL12-C | DCL12-C. Implement abstract data types using opaque types |
CERT C: Rec. DCL13-C | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
CERT C: Rec. DCL15-C | DCL15-C. Declare file-scope objects or functions that do not need external linkage as static |
CERT C: Rec. DCL16-C | DCL16-C. Use "L," not "l," to indicate a long value |
CERT C: Rec. DCL18-C | DCL18-C. Do not begin integer constants with 0 when specifying a decimal value |
CERT C: Rec. DCL19-C | DCL19-C. Minimize the scope of variables and functions |
CERT C: Rec. DCL22-C | DCL22-C. Use volatile for data that cannot be cached |
CERT C: Rec. DCL23-C | DCL23-C. Guarantee that mutually visible identifiers are unique |
CERT C: Rec. ENV01-C | ENV01-C. Do not make assumptions about the size of an environment variable |
CERT C: Rec. ERR00-C | ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy |
CERT C: Rec. EXP00-C | EXP00-C. Use parentheses for precedence of operation |
CERT C: Rec. EXP05-C | EXP05-C. Do not cast away a const qualification |
CERT C: Rec. EXP08-C | EXP08-C. Ensure pointer arithmetic is used correctly |
CERT C: Rec. EXP09-C | EXP09-C. Use sizeof to determine the size of a type or variable |
CERT C: Rec. EXP10-C | EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place |
CERT C: Rec. EXP11-C | EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields |
CERT C: Rec. EXP12-C | EXP12-C. Do not ignore values returned by functions |
CERT C: Rec. EXP13-C | EXP13-C. Treat relational and equality operators as if they were nonassociative |
CERT C: Rec. EXP19-C | EXP19-C. Use braces for the body of an if, for, or while statement |
CERT C: Rec. FIO02-C | FIO02-C. Canonicalize path names originating from tainted sources |
CERT C: Rec. FIO11-C | FIO11-C. Take care when specifying the mode parameter of fopen() |
CERT C: Rec. FIO21-C | FIO21-C. Do not create temporary files in shared directories |
CERT C: Rec. FIO24-C | FIO24-C. Do not open a file that is already open |
CERT C: Rec. FLP00-C | FLP00-C. Understand the limitations of floating-point numbers |
CERT C: Rec. FLP02-C | FLP02-C. Avoid using floating-point numbers when precise computation is needed |
CERT C: Rec. FLP03-C | FLP03-C. Detect and handle floating-point errors |
CERT C: Rec. FLP06-C | FLP06-C. Convert integers to floating point for floating-point operations |
CERT C: Rec. INT00-C | INT00-C. Understand the data model used by your implementation(s) |
CERT C: Rec. INT02-C | INT02-C. Understand integer conversion rules |
CERT C: Rec. INT04-C | INT04-C. Enforce limits on integer values originating from tainted sources |
CERT C: Rec. INT07-C | MISRA C:2012 Rule 10.4 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
MISRA CERT C: 2012 Rule 10.4 Rec. INT08-C | INT08 INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISRA C:2012 Rule 10.4 | STR04-C. Use plain char for characters in the basic character set |
MISRA C:2012 Rule 10.6 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
MISRA C:2012 Rule 10.6 | INT02-C. Understand integer conversion rules |
Verify that all integer values are in range |
CERT C: Rec. INT09-C | INT09-C. Ensure enumeration constants map to unique values |
CERT C: Rec. INT10-C | INT10-C. Do not assume a positive remainder when using the % operator |
CERT C: Rec. INT12-C | INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression |
CERT C: Rec. INT13-C | INT13-C. Use bitwise operators only on unsigned operands |
CERT C: Rec. INT14-C | INT14-C. Avoid performing bitwise and arithmetic operations on the same data |
CERT C: Rec. INT18-C MISRA C:2012 Rule 10.6 | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISRA CERT C: 2012 Rule 10.7 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
MISRA C:2012 Rule 10.7 | INT02-C. Understand integer conversion rules |
MISRA C:2012 Rule 10.7 | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISRA C:2012 Rule 10.8 | INT02-C. Understand integer conversion rules |
MISRA C:2012 Rule 11.1 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
MISRA C:2012 Rule 11.1 | EXP37-C. Call functions with the correct number and type of arguments |
MISRA C:2012 Rule 11.1 | DCL07-C. Include the appropriate type information in function declarators |
MISRA C:2012 Rule 11.2 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
MISRA C:2012 Rule 11.3 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
MISRA C:2012 Rule 11.3 | EXP39-C. Do not access a variable through a pointer of an incompatible type |
MISRA C:2012 Rule 11.5 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
MISRA C:2012 Rule 11.6 | INT36-C. Converting a pointer to integer or integer to pointer |
MISRA C:2012 Rule 11.7 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
MISRA C:2012 Rule 11.8 | EXP32-C. Do not access a volatile object through a nonvolatile reference |
MISRA C:2012 Rule 11.8 | EXP05-C. Do not cast away a const qualification |
MISRA C:2012 Rule 12.1 | EXP00-C. Use parentheses for precedence of operation |
MISRA C:2012 Rule 12.5 | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array |
MISRA C:2012 Rule 13.2 | PRE31-C. Avoid side effects in arguments to unsafe macros |
MISRA C:2012 Rule 13.2 | EXP30-C. Do not depend on the order of evaluation for side effects |
MISRA C:2012 Rule 13.2 | EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place |
MISRA C:2012 Rule 13.6 | EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic |
MISRA C:2012 Rule 14.1 | FLP30-C. Do not use floating-point variables as loop counters |
MISRA C:2012 Rule 15.6 | EXP19-C. Use braces for the body of an if, for, or while statement |
MISRA C:2012 Rule 16.1 | DCL41-C. Do not declare variables inside a switch statement before the first case label |
MISRA C:2012 Rule 16.2 | MSC20-C. Do not use a switch statement to transfer control into a complex block |
MISRA C:2012 Rule 17.1 | DCL10-C. Maintain the contract between the writer and caller of variadic functions |
MISRA C:2012 Rule 17.1 | DCL11-C. Understand the type issues associated with variadic functions |
MISRA C:2012 Rule 17.1 | ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy |
MISRA C:2012 Rule 17.2 | MEM05-C. Avoid large stack allocations |
MISRA C:2012 Rule 17.3 | DCL31-C. Declare identifiers before using them |
MISRA C:2012 Rule 17.3 | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
MISRA C:2012 Rule 17.3 | EXP37-C. Call functions with the correct number and type of arguments |
MISRA C:2012 Rule 17.7 | ERR33-C. Detect and handle standard library errors |
Rec. MEM00-C | MEM00-C. Allocate and free memory in the same module, at the same level of abstraction |
CERT C: Rec. MEM01-C | MEM01-C. Store a new value in pointers immediately after free() |
CERT C: Rec. MEM02-C | MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
CERT C: Rec. MEM03-C | MEM03-C. Clear sensitive information stored in reusable resources |
CERT C: Rec. MEM04-C | MEM04-C. Beware of zero-length allocations |
CERT C: Rec. MEM05-C | MEM05-C. Avoid large stack allocations |
CERT C: Rec. MEM06-C | MEM06-C. Ensure that sensitive data is not written out to disk |
CERT C: Rec. MEM11-C | MEM11-C. Do not assume infinite heap space |
CERT C: Rec. MEM12-C | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources |
CERT C: Rec. MSC04-C | MSC04-C. Use comments consistently and in a readable fashion |
CERT C: Rec. MSC12-C | MSC12-C. Detect and remove code that has no effect or is never executed |
CERT C: Rec. MSC13-C | MSC13-C. Detect and remove unused values |
CERT C: Rec. MSC15-C | MSC15-C. Do not depend on undefined behavior |
CERT C: Rec. MSC17-C | MSC17-C. Finish every set of statements associated with a case label with a break statement |
CERT C: Rec. MSC18-C | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
CERT C: Rec. MSC20-C | MSC20-C. Do not use a switch statement to transfer control into a complex block |
CERT C: Rec. MSC21-C | MSC21-C. Use robust loop termination conditions |
CERT C: Rec. MSC22-C | MSC22-C. Use the setjmp(), longjmp() facility securely |
CERT C: Rec. MSC24-C | MSC24-C. Do not use deprecated or obsolescent functions |
CERT C: Rec. POS05-C | POS05-C. Limit access to files by creating a jail |
CERT C: Rec. PRE00-C | PRE00-C. Prefer inline or static functions to function-like macros |
CERT C: Rec. PRE01-C | PRE01-C. Use parentheses within macros around parameter names |
CERT C: Rec. PRE06-C | PRE06-C. Enclose header files in an include guard |
CERT C: Rec. PRE07-C | PRE07-C. Avoid using repeated question marks |
CERT C: Rec. PRE09-C | PRE09-C. Do not replace secure functions with deprecated or obsolescent functions |
CERT C: Rec. STR02-C | STR02-C. Sanitize data passed to complex subsystems |
CERT C: Rec. STR03-C | STR03-C. Do not inadvertently truncate a string |
CERT C: Rec. STR07-C | STR07-C. Use the bounds-checking interfaces for string manipulation |
CERT C: Rec. STR11-C | STR11-C. Do not specify the bound of a character array initialized with a string literal |
CERT C: Rec. WIN00-C | WIN00-C. Be specific when dynamically loading libraries |
CERT C: Rule ARR30-C MISRA C:2012 Rule 18.1 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
MISRA CERT C: 2012 Rule 18.1 | ARR39-C. Do not add or subtract a scaled integer to a pointer |
MISRA C:2012 Rule 18.1 | EXP08-C. Ensure pointer arithmetic is used correctly |
Rule ARR32-C | ARR32-C. Ensure size arguments for variable length arrays are in a valid range |
CERT C: Rule ARR36-C | MISRA C:2012 Rule 18.2 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
MISRA C:2012 Rule 18.2 | EXP08-C. Ensure pointer arithmetic is used correctly |
MISRA C:2012 Rule 18.3 | EXP08-C. Ensure pointer arithmetic is used correctly |
MISRA C:2012 Rule 18.6 | DCL30-C. Declare objects with appropriate storage durations |
CERT C: Rule ARR37-C | ARR37 | MISRA C:2012 Rule 18.6 | MEM30-C. Do not access freed memory |
MISRA C:2012 Rule 20.7 | PRE01-C. Use parentheses within macros around parameter names |
MISRA C:2012 Rule 21.1 | DCL37-C. Do not declare or define a reserved identifier |
MISRA C:2012 Rule 21.2 | DCL37-C. Do not declare or define a reserved identifier |
MISRA C:2012 Rule 21.3 | API03-C. Create consistent interfaces and capabilities across related functions |
MISRA C:2012 Rule 21.16 | EXP42-C. Do not compare padding data |
MISRA C:2012 Rule 21.17 | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
MISRA C:2012 Rule 21.19 | ENV30-C. Do not modify the object referenced by the return value of certain functions |
MISRA C:2012 Rule 22.1 | MEM30-C. Do not access freed memory |
MISRA C:2012 Rule 22.2 | MEM30-C. Do not access freed memory |
MISRA C:2012 Rule 22.2 | MEM34-C. Only free memory allocated dynamically |
MISRA C:2012 Rule 22.7 | FIO34-C. Distinguish between characters read from a file and EOF or WEOF |
MISRA C:2012 Rule 22.8 | ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure |
MISRA C:2012 Rule 22.9 | ERR33-C. Detect and handle standard library errors |
MISRA C:2012 Rule 22.10 | ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure |
Missing break of switch case | MSC17-C. Finish every set of statements associated with a case label with a break statement |
Missing byte reordering when transferring data | POS39-C. Use the correct byte ordering when transferring data between systems |
Missing case for switch condition | MSC01-C. Strive for logical completeness |
Missing case for switch condition | MSC07-C. Detect and remove dead code |
Missing lock | CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction |
Missing null in string array | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
Missing null in string array | STR11-C. Do not specify the bound of a character array initialized with a string literal |
Missing reset of a freed pointer | MEM01-C. Store a new value in pointers immediately after free() |
Missing return statement | MSC37-C. Ensure that control never reaches the end of a non-void function |
Missing unlock | CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction |
Missing unlock | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources |
Misuse of a FILE object | FIO38-C. Do not copy a FILE object |
add or subtract an integer to a pointer to a non-array object |
CERT C: Rule ARR38-C | ARR38-C. Guarantee that library functions do not form invalid pointers |
CERT C: Rule ARR39-C | ARR39-C. Do not add or subtract a scaled integer to a pointer |
CERT C: Rule CON30-C | CON30-C. Clean up thread-specific storage |
CERT C: Rule CON31-C | CON31-C. Do not destroy a mutex while it is locked |
CERT C: Rule CON32-C | CON32-C. Prevent data races when accessing bit-fields from multiple threads |
CERT C: Rule CON33-C | CON33-C. Avoid race conditions when using library functions |
CERT C: Rule CON35-C | CON35-C. Avoid deadlock by locking in a predefined order |
CERT C: Rule CON36-C | CON36-C. Wrap functions that can spuriously wake up in a loop |
CERT C: Rule CON37-C | CON37-C. Do not call signal() in a multithreaded program |
CERT C: Rule CON40-C | CON40-C. Do not refer to an atomic variable twice in an expression |
CERT C: Rule CON41-C | CON41-C. Wrap functions that can fail spuriously in a loop |
CERT C: Rule CON43-C | CON43-C. Do not allow data races in multithreaded code |
CERT C: Rule DCL30-C | DCL30-C. Declare objects with appropriate storage durations |
CERT C: Rule DCL31-C | DCL31-C. Declare identifiers before using them |
CERT C: Rule DCL36-C | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
CERT C: Rule DCL38-C | DCL38-C. Use the correct syntax when declaring a flexible array member |
CERT C: Rule DCL39-C | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
CERT C: Rule DCL40-C | DCL40-C. Do not create incompatible declarations of the same function or object |
CERT C: Rule DCL41-C | DCL41-C. Do not declare variables inside a switch statement before the first case label |
CERT C: Rule ENV30-C | ENV30-C. Do not modify the object referenced by the return value of certain functions |
CERT C: Rule ENV31-C | ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it |
CERT C: Rule ENV32-C | ENV32-C. All exit handlers must return normally |
CERT C: Rule ENV33-C | ENV33-C. Do not call system() |
CERT C: Rule ENV34-C | ENV34-C. Do not store pointers returned by certain functions |
CERT C: Rule ERR30-C Misuse of errno | ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure |
Misuse of errno in a signal handler | ERR32-C. Do not rely on indeterminate values of errno |
Misuse of readlink() | POS30-C. Use the readlink() function properly |
CERT C: Rule ERR32-C | ERR32 | Misuse of return value from nonreentrant standard function | ENV34-C. Do not store pointers returned by certain functions |
Misuse of sign-extended character value | STR34-C. Cast characters to unsigned char before converting to larger integer sizes |
Misuse of sign-extended character value | STR37-C. Arguments to character-handling functions must be representable as an unsigned char |
Misuse of structure with flexible-array member | MEM33-C. Allocate and copy structures containing a flexible array member dynamically |
Modification of internal buffer returned from nonreentrant standard function | ENV30-C. Do not modify the object referenced by the return value of certain functions |
Modification of internal buffer returned from nonreentrant standard function | STR06-C. Do not assume that strtok() leaves the parse string unchanged |
rely on indeterminate values of errno |
CERT C: Rule ERR33-C | ERR33-C. Detect and handle standard library errors |
CERT C: Rule ERR34-C | ERR34-C. Detect errors when converting a string to a number |
CERT C: Rule EXP30-C | EXP30-C. Do not depend on the order of evaluation for side effects |
CERT C: Rule EXP32-C | EXP32-C. Do not access a volatile object through a nonvolatile reference |
CERT C: Rule EXP33-C Non-initialized pointer | EXP33-C. Do not read uninitialized memory | Non-initialized pointer |
CERT C: Rule EXP34-C | EXP34 MSC15-C. Do not depend on undefined behavior dereference null pointers |
CERT C: Rule EXP36-C | EXP36 | Non-initialized variable | EXP33-C. Do not read uninitialized memory |
Non-initialized variable | MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value |
cast pointers into more strictly aligned pointer types |
CERT C: Rule EXP37-C | EXP37-C. Call functions with the correct number and type of arguments |
CERT C: Rule EXP40-C | EXP40 | Non-initialized variable | MSC15-C. Do not depend on undefined behavior modify constant objects |
CERT C: Rule EXP42-C | EXP42 | Null pointer | EXP34-C. Do not dereference null pointers | Null pointer | compare padding data |
CERT C: Rule EXP43-C | EXP43 MSC15-C. Do not depend on Avoid undefined behavior |
Opening previously opened resource | FIO24-C. Do not open a file that is already open |
when using restrict-qualified pointers |
CERT C: Rule EXP44-C | EXP44 | Overlapping assignment | MSC15-C. Do not depend on undefined behavior rely on side effects in operands to sizeof, _Alignof, or _Generic |
CERT C: Rule EXP45-C | EXP45 | Pointer access out of bounds | EXP39-C. Do not access a variable through a pointer of an incompatible type |
Pointer access out of bounds | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
Pointer access out of bounds | ARR38-C. Guarantee that library functions do not form invalid pointers |
Pointer access out of bounds | ARR39-C. Do not add or subtract a scaled integer to a pointer |
Pointer access out of bounds | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
Pointer access out of bounds | MEM35-C. Allocate sufficient memory for an object |
Pointer access out of bounds | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
Pointer access out of bounds | EXP08-C. Ensure pointer arithmetic is used correctly |
Pointer access out of bounds | MSC15-C. Do not depend on undefined behavior |
Pointer dereference with tainted offset | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
Pointer dereference with tainted offset | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
Pointer or reference to stack variable leaving scope | DCL30-C. Declare objects with appropriate storage durations |
Possible misuse of sizeof | ARR38-C. Guarantee that library functions do not form invalid pointers |
Possible misuse of sizeof | ARR39-C. Do not add or subtract a scaled integer to a pointer |
Possible misuse of sizeof | ARR00-C. Understand how arrays work |
Possible misuse of sizeof | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array |
Possibly unintended evaluation of expression because of operator precedence rules | EXP00-C. Use parentheses for precedence of operation |
Possibly unintended evaluation of expression because of operator precedence rules | EXP13-C. Treat relational and equality operators as if they were nonassociative |
Predefined macro used as object | MSC38-C. Do not treat a predefined identifier as an object if it might only be implemented as a macro |
Predictable block cipher initialization vector | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
Predictable cipher key | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
Predictable random output from predictable seed | MSC32-C. Properly seed pseudorandom number generators |
Preprocessor directive in macro argument | PRE32-C. Do not use preprocessor directives in invocations of function-like macros |
Privilege drop not verified | POS37-C. Ensure that privilege relinquishment is successful |
Qualifier removed in conversion | EXP32-C. Do not access a volatile object through a nonvolatile reference |
Qualifier removed in conversion | EXP37-C. Call functions with the correct number and type of arguments |
Qualifier removed in conversion | EXP05-C. Do not cast away a const qualification |
Resource leak | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources |
Return from computational exception signal handler | SIG35-C. Do not return from a computational exception signal handler |
Return value of a sensitive function not checked | ERR33-C. Detect and handle standard library errors |
Returned value of a sensitive function not checked | POS54-C. Detect and handle POSIX library errors |
Returned value of a sensitive function not checked | EXP12-C. Do not ignore values returned by functions |
Sensitive data printed out | MEM06-C. Ensure that sensitive data is not written out to disk |
Sensitive heap memory not cleared before release | MEM03-C. Clear sensitive information stored in reusable resources |
Sensitive heap memory not cleared before release | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
Shared data access within signal handler | SIG31-C. Do not access shared objects in signal handlers |
Shift of a negative value | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
Shift operation overflow | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
Side effect of expression ignored | EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic |
Sign change integer conversion overflow | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
Signal call from within signal handler | SIG34-C. Do not call signal() from within interruptible signal handlers |
Standard function call with incorrect arguments | EXP37-C. Call functions with the correct number and type of arguments |
Standard function call with incorrect arguments | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
Standard function call with incorrect arguments | FIO46-C. Do not access a closed file |
Standard function call with incorrect arguments | API00-C. Functions should validate their parameters |
Standard function call with incorrect arguments | MSC15-C. Do not depend on undefined behavior |
Stream argument with possibly unintended side effects | FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects |
Subtraction or comparison between pointers to different arrays | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
Tainted Data Defects | API00-C. Functions should validate their parameters |
Tainted division operand | INT32-C. Ensure that operations on signed integers do not result in overflow |
Tainted division operand | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
Tainted modulo operand | INT32-C. Ensure that operations on signed integers do not result in overflow |
Tainted modulo operand | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
Tainted modulo operand | INT10-C. Do not assume a positive remainder when using the % operator |
Tainted NULL or non-null-terminated string | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
Tainted NULL or non-null-terminated string | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
Tainted NULL or non-null-terminated string | ENV01-C. Do not make assumptions about the size of an environment variable |
Tainted NULL or non-null-terminated string | FIO17-C. Do not rely on an ending null character when using fread() |
Tainted sign change conversion | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
Tainted sign change conversion | INT02-C. Understand integer conversion rules |
Tainted sign change conversion | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
Tainted sign change conversion | MEM04-C. Beware of zero-length allocations |
Tainted sign change conversion | MEM11-C. Do not assume infinite heap space |
Tainted sign change conversion | MSC21-C. Use robust loop termination conditions |
Tainted size of variable length array | ARR32-C. Ensure size arguments for variable length arrays are in a valid range |
Tainted size of variable length array | INT04-C. Enforce limits on integer values originating from tainted sources |
Tainted size of variable length array | MEM04-C. Beware of zero-length allocations |
Tainted size of variable length array | MEM05-C. Avoid large stack allocations |
Tainted string format | FIO30-C. Exclude user input from format strings |
Too many va_arg calls for current argument list | EXP47-C. Do not call va_arg with an argument of the incorrect type |
Umask used with chmod-style arguments | FIO06-C. Create files with appropriate access permissions |
Uncleared sensitive data in stack | MEM03-C. Clear sensitive information stored in reusable resources |
Uncleared sensitive data in stack | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
Universal character name from token concatenation | PRE30-C. Do not create a universal character name through concatenation |
Unprotected dynamic memory allocation | ERR33-C. Detect and handle standard library errors |
Unprotected dynamic memory allocation | MEM10-C. Define and use a pointer validation function |
Unprotected dynamic memory allocation | MEM11-C. Do not assume infinite heap space |
Unreachable code | MSC01-C. Strive for logical completeness |
Unreachable code | MSC07-C. Detect and remove dead code |
Unreachable code | MSC12-C. Detect and remove code that has no effect or is never executed |
Unreliable cast of function pointer | EXP37-C. Call functions with the correct number and type of arguments |
Unreliable cast of function pointer | MSC15-C. Do not depend on undefined behavior |
Unreliable cast of pointer | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
Unreliable cast of pointer | EXP39-C. Do not access a variable through a pointer of an incompatible type |
perform assignments in selection statements |
CERT C: Rule EXP46-C | EXP46-C. Do not use a bitwise operator with a Boolean-like operand |
CERT C: Rule EXP47-C | EXP47-C. Do not call va_arg with an argument of the incorrect type |
CERT C: Rule FIO30-C | FIO30-C. Exclude user input from format strings |
CERT C: Rule FIO32-C | FIO32-C. Do not perform operations on devices that are only appropriate for files |
CERT C: Rule FIO37-C | FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful |
CERT C: Rule FIO38-C | FIO38-C. Do not copy a FILE object |
CERT C: Rule FIO39-C | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
CERT C: Rule FIO40-C | FIO40-C. Reset strings on fgets() or fgetws() failure |
CERT C: Rule FIO41-C | FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects |
CERT C: Rule FIO42-C | FIO42-C. Close files when they are no longer needed |
CERT C: Rule FIO44-C | FIO44-C. Only use values for fsetpos() that are returned from fgetpos() |
CERT C: Rule FIO45-C | FIO45-C. Avoid TOCTOU race conditions while accessing files |
CERT C: Rule FIO46-C | FIO46-C. Do not access a closed file |
CERT C: Rule FLP30-C | FLP30-C. Do not use floating-point variables as loop counters |
CERT C: Rule FLP34-C | FLP34-C. Ensure that floating-point conversions are within range of the new type |
CERT C: Rule FLP37-C | FLP37-C. Do not use object representations to compare floating-point values |
CERT C: Rule INT30-C | INT30-C. Ensure that unsigned integer operations do not wrap |
CERT C: Rule INT31-C | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
CERT C: Rule INT32-C | INT32-C. Ensure that operations on signed integers do not result in overflow |
CERT C: Rule INT33-C | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
CERT C: Rule INT34-C | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
CERT C: Rule INT35-C | INT35-C. Use correct integer precisions |
CERT C: Rule INT36-C | INT36-C. Converting a pointer to integer or integer to pointer |
CERT C: Rule MEM30-C | MEM30-C. Do not access freed memory |
CERT C: Rule MEM31-C | MEM31-C. Free dynamically allocated memory when no longer needed |
CERT C: Rule MEM33-C | MEM33-C. Allocate and copy structures containing a flexible array member dynamically |
CERT C: Rule MEM34-C | MEM34-C. Only free memory allocated dynamically |
CERT C: Rule MEM35-C | MEM35-C. Allocate sufficient memory for an object |
CERT C: Rule MEM36-C | MEM36-C. Do not modify the alignment of objects by calling realloc() |
CERT C: Rule MSC30-C | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
CERT C: Rule MSC32-C | MSC32-C. Properly seed pseudorandom number generators |
CERT C: Rule MSC33-C | MSC33-C. Do not pass invalid data to the asctime() function |
CERT C: Rule MSC37-C | MSC37-C. Ensure that control never reaches the end of a non-void function |
CERT C: Rule MSC38-C | MSC38-C. Do not treat a predefined identifier as an object if it might only be implemented as a macro |
CERT C: Rule MSC39-C | MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value |
CERT C: Rule MSC40-C | MSC40-C. Do not violate constraints |
CERT C: Rule POS30-C | POS30-C. Use the readlink() function properly |
CERT C: Rule POS34-C | POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument |
CERT C: Rule POS35-C | POS35-C. Avoid race conditions while checking for the existence of a symbolic link |
CERT C: Rule POS36-C | POS36-C. Observe correct revocation order while relinquishing privileges |
CERT C: Rule POS37-C | POS37-C. Ensure that privilege relinquishment is successful |
CERT C: Rule POS38-C | POS38-C. Beware of race conditions when using fork and file descriptors |
CERT C: Rule POS39-C | POS39-C. Use the correct byte ordering when transferring data between systems |
CERT C: Rule POS44-C | POS44-C. Do not use signals to terminate threads |
CERT C: Rule POS48-C | POS48-C. Do not unlock or destroy another POSIX thread's mutex |
CERT C: Rule POS49-C | POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed |
CERT C: Rule POS51-C | POS51-C. Avoid deadlock with POSIX threads by locking in predefined order |
CERT C: Rule POS52-C | POS52-C. Do not perform operations that can block while holding a POSIX lock |
CERT C: Rule POS54-C | POS54-C. Detect and handle POSIX library errors |
CERT C: Rule PRE30-C | PRE30-C. Do not create a universal character name through concatenation |
CERT C: Rule PRE31-C | PRE31-C. Avoid side effects in arguments to unsafe macros |
CERT C: Rule PRE32-C | PRE32-C. Do not use preprocessor directives in invocations of function-like macros |
CERT C: Rule SIG30-C | SIG30-C. Call only asynchronous-safe functions within signal handlers |
CERT C: Rule SIG31-C | SIG31-C. Do not access shared objects in signal handlers |
CERT C: Rule SIG34-C | SIG34-C. Do not call signal() from within interruptible signal handlers |
CERT C: Rule SIG35-C | SIG35-C. Do not return from a computational exception signal handler |
CERT C: Rule STR30-C | STR30-C. Do not attempt to modify string literals |
CERT C: Rule STR31-C | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
CERT C: Rule STR32-C | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
CERT C: Rule STR34-C | STR34-C. Cast characters to unsigned char before converting to larger integer sizes |
CERT C: Rule STR37-C | STR37-C. Arguments to character-handling functions must be representable as an unsigned char |
CERT C: Rule STR38-C Unreliable cast of pointer | STR38-C. Do not confuse narrow and wide character strings and functions |
Unreliable cast of pointer | MSC15-C. Do not depend on undefined behavior |
Unsafe call to a system function | ENV33-C. Do not call system() |
Unsafe conversion between pointer and integer | INT36-C. Converting a pointer to integer or integer to pointer |
Unsafe conversion from string to numeric value | ERR34-C. Detect errors when converting a string to a number |
Unsafe standard encryption function | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
Unsigned integer conversion overflow | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
Unsigned integer conversion overflow | FLP34-C. Ensure that floating-point conversions are within range of the new type |
Unsigned integer conversion overflow | INT02-C. Understand integer conversion rules |
Unsigned integer conversion overflow | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
Unsigned integer overflow | INT30-C. Ensure that unsigned integer operations do not wrap |
Unused parameter | MSC13-C. Detect and remove unused values |
Use of automatic variable as putenv-family function argument | POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument |
Use of dangerous standard function | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
Use of dangerous standard function | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
Use of dangerous standard function | ENV01-C. Do not make assumptions about the size of an environment variable |
Use of dangerous standard function | PRE09-C. Do not replace secure functions with deprecated or obsolescent functions |
Use of dangerous standard function | STR07-C. Use the bounds-checking interfaces for string manipulation |
Use of indeterminate string | FIO40-C. Reset strings on fgets() or fgetws() failure |
Use of memset with size argument zero | MSC12-C. Detect and remove code that has no effect or is never executed |
Use of non-secure temporary file | FIO03-C. Do not make assumptions about fopen() and file creation |
Use of non-secure temporary file | FIO21-C. Do not create temporary files in shared directories |
Use of obsolete standard function | MSC33-C. Do not pass invalid data to the asctime() function |
Use of obsolete standard function | POS33-C. Do not use vfork() |
Use of obsolete standard function | MSC24-C. Do not use deprecated or obsolescent functions |
Use of obsolete standard function | PRE09-C. Do not replace secure functions with deprecated or obsolescent functions |
Use of plain char type for numerical value | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
Use of previously closed resource | FIO46-C. Do not access a closed file |
Use of previously freed pointer | MEM30-C. Do not access freed memory |
Use of previously freed pointer | MEM00-C. Allocate and free memory in the same module, at the same level of abstraction |
Use of setjmp/longjmp | MSC22-C. Use the setjmp(), longjmp() facility securely |
Use of tainted pointer | EXP34-C. Do not dereference null pointers |
Use of tainted pointer | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
Use of tainted pointer | ARR38-C. Guarantee that library functions do not form invalid pointers |
CERT C: Rule WIN30-C | WIN30-C. Properly pair allocation and deallocation functions |
CERT-C: Rule EXP35-C | EXP35-C. Do not modify objects with temporary lifetime |
CERT-C: Rule FLP32-C | FLP32-C. Prevent or detect domain and range errors in math functions |
CERT-C: Rule FLP36-C | FLP36-C. Preserve precision when converting integral values to floating-point type |
Character value absorbed into EOF | FIO34-C. Distinguish between characters read from a file and EOF or WEOF |
Data race | CON09-C. Avoid the ABA problem when using lock-free algorithms |
Dead code | MSC07-C. Detect and remove dead code |
Do not access a variable through a pointer of an incompatible type | EXP39-C. Do not access a variable through a pointer of an incompatible type |
ERT C: Rule DCL37-C | DCL37-C. Do not declare or define a reserved identifier |
File access between time of check and use (TOCTOU) | FIO01-C. Be careful using functions that use file names for identification |
Improper array initialization | ARR00-C. Understand how arrays work |
Invalid use of standard library memory routine | API00-C. Functions should validate their parameters |
Invalid use of standard library routine | API00-C. Functions should validate their parameters |
Invalid use of standard library string routine | API00-C. Functions should validate their parameters |
Memory allocation with tainted size | MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap |
Memory allocation with tainted size | MEM10-C. Define and use a pointer validation function |
MISRA C:2012 Rule 2.1 | MSC07-C. Detect and remove dead code |
MISRA C:2012 Rule 8.2 | DCL20-C. Explicitly specify void when a function accepts no arguments |
MISRA C:2012 Rule 10.1 | INT16-C. Do not make assumptions about representation of signed integers |
MISRA C:2012 Rule 10.1 | STR04-C. Use plain char for characters in the basic character set |
MISRA C:2012 Rule 10.2 | STR04-C. Use plain char for characters in the basic character set |
MISRA C:2012 Rule 10.3 | STR04-C. Use plain char for characters in the basic character set |
MISRA C:2012 Rule 10.4 | STR04-C. Use plain char for characters in the basic character set |
MISRA C:2012 Rule 21.3 | API03-C. Create consistent interfaces and capabilities across related functions |
Missing case for switch condition | MSC07-C. Detect and remove dead code |
Modification of internal buffer returned from nonreentrant standard function | STR06-C. Do not assume that strtok() leaves the parse string unchanged |
Pointer access out of bounds Use of tainted pointer | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
Use of tainted pointer | MEM10-C. Define and use a pointer validation function |
Use of tainted pointer | MSC15-C. Do not depend on undefined behavior |
Variable length array with nonpositive size | MEM04-C. Beware of zero-length allocations |
Variable length array with nonpositive size | MEM05-C. Avoid large stack allocations |
Variable shadowing | DCL01-C. Do not reuse variable names in subscopes |
Vulnerable path manipulation | FIO02-C. Canonicalize path names originating from tainted sources |
Vulnerable permission assignments | FIO06-C. Create files with appropriate access permissions |
Vulnerable pseudo-random number generator | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
Write without a further read | DCL22-C. Use volatile for data that cannot be cached |
Write without a further read | MSC13-C. Detect and remove unused values |
Writing to const qualified object | EXP40-C. Do not modify constant objects |
Writing to const qualified object | STR30-C. Do not attempt to modify string literals |
Writing to const qualified object | MSC15-C. Do not depend on undefined behavior |
Writing to const qualified object | STR05-C. Use pointers to const when referring to string literals |
Writing to const qualified object | STR06-C. Do not assume that strtok() leaves the parse string unchanged |
Wrong allocated object size for cast | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
Wrong allocated object size for cast | STR38-C. Do not confuse narrow and wide character strings and functions |
Wrong allocated object size for cast | MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
Wrong type used in sizeof | MEM35-C. Allocate sufficient memory for an object |
Wrong type used in sizeof | ARR00-C. Understand how arrays work |
Wrong type used in sizeof | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array |
|
Pointer dereference with tainted offset | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
Possible misuse of sizeof | ARR00-C. Understand how arrays work |
Standard function call with incorrect arguments | API00-C. Functions should validate their parameters |
Tainted Data Defects | API00-C. Functions should validate their parameters |
Tainted NULL or non-null-terminated string | FIO17-C. Do not rely on an ending null character when using fread() |
Umask used with chmod-style arguments | FIO06-C. Create files with appropriate access permissions |
Unprotected dynamic memory allocation | MEM10-C. Define and use a pointer validation function |
Unreachable code | MSC07-C. Detect and remove dead code |
Use of dangerous standard function | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
Use of non-secure temporary file | FIO03-C. Do not make assumptions about fopen() and file creation |
Use of obsolete standard function | POS33-C. Do not use vfork() |
Use of tainted pointer | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
Use of tainted pointer | MEM10-C. Define and use a pointer validation function |
Vulnerable permission assignments | FIO06-C. Create files with appropriate access permissions |
Writing to const qualified object | STR05-C. Use pointers to const when referring to string literals |
Writing to const qualified object | STR06-C. Do not assume that strtok() leaves the parse string unchanged |
Wrong type used in sizeof | ARR00-C. Understand how arrays work | Wrong type used in sizeof | MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |