SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 101

changes.mady.by.user Kris Kafka

Saved on

compared with

New Version 102

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
error-information-unused
error-information-unused-computed		Partially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-ERR33
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.FUNCS.IRV

Ignored return value
Compass/ROSE

Can detect violations of this recommendation when checking for violations of EXP12-C. Do not ignore values returned by functions and EXP34-C. Do not dereference null pointers

Coverity
Include Page
Coverity_V
Coverity_V

MISRA C 2012 Rule 22.8

MISRA C 2012 Rule 22.9

MISRA C 2012 Rule 22.10

Implemented
LDRA tool suite
Include Page
LDRA_V
LDRA_V

80 D

Partially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-ERR33-a
CERT_C-ERR33-b
CERT_C-ERR33-c
CERT_C-ERR33-d

The value returned by a function having non-void return type shall be used
The value returned by a function having non-void return type shall be used
Avoid null pointer dereferencing
Always check the returned value of non-void function

Parasoft Insure++

Runtime analysis
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

534

Partially supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule ERR33-C


Checks for:

  • Errno not checked
  • Return value of a sensitive function not checked
  • Unprotected dynamic memory allocation

Rule partially covered.

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v

3200

Partially implemented
PRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_V
cplusplus:PRQA QA-C++_V

2820, 2821, 2822, 2823, 2824, 2930, 2931,

2932, 2933, 2934, 3802, 3803, 3804


RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

error-information-unusedPartially checked
TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

pointer arithmeticExhaustively verified.
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V



Related Vulnerabilities

The vulnerability in Adobe Flash [VU#159523] arises because Flash neglects to check the return value from calloc(). Even when calloc() returns a null pointer, Flash writes to an offset from the return value. Dereferencing a null pointer usually results in a program crash, but dereferencing an offset from a null pointer allows an exploit to succeed without crashing the program.

...