SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 93

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 94

changes.mady.by.user Amy Gale

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

INT04-C

Low

Probable

High

P2

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
(general)CodeSonar will track the tainted value along with any limits applied to it, and flag any problems caused by underconstraint. Warnings of a wide range of classes may be triggered, including "Tainted Allocation Size", "Buffer Overrun", and "Division By Zero".

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding StandardINT04-CPP. Enforce limits on integer values originating from untrusted sources
ISO/IEC TS 17961:2013Forming invalid pointers by library functions [libptr]
Tainted, potentially mutilated, or out-of-domain integer values are used in a restricted sink [taintsink]

...