Comment: took out NCCEs

...

The rewind function is obsolete because rewind does not return a value and can be emulated using fseek. See FIO07-C. Prefer fseek() to rewind().

The asctime and ctime functions are obsolete because they use non-reentrant static buffers and can be emulated using asctime_s and ctime_s.

Unchecked Obsolete Functions

...

In this noncompliant code example, the obsolete functions strcat() and strcpy() are used.

Code Block
void complain(const char *msg) {
  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFSIZE];

  strcpy(buf, prefix);
  strcat(buf, msg);
  strcat(buf, suffix);
  fputs(buf, stderr);
}

...

Code Block
enum { BUFFERSIZE=256 };

void complain(const char *msg) {
  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFFERSIZE];

  strcpy_s(buf, BUFFERSIZE, prefix);
  strcat_s(buf, BUFFERSIZE, msg);
  strcat_s(buf, BUFFERSIZE, suffix);
  fputs(buf, stderr);
}

Noncompliant Code Example

In this noncompliant code example, the obsolete function setbuf is used.

Code Block
FILE *file;
/* Setup file */
setbuf(file, NULL);
/* ... */

Compliant Solution

In this compliant solution, function setvbuf is used instead.

Code Block
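FILE *file;
/* Setup file */
/* Unlike setbuf(), setvbuf() returns nonzero on failure, so check it */
if (setvbuf(file, NULL, _IONBF, BUFSIZ) != 0) {
  /* Handle error */
}
/* ... */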

Noncompliant Code Example

In this noncompliant code example, tmpnam is used.

Code Block
char file_name[L_tmpnam];
FILE *fp;

if (!tmpnam(file_name)) {
  /* Handle error */
}

/* A TOCTOU race condition exists here */

fp = fopen(file_name, "wb+");
if (fp == NULL) {
   /* Handle error */
}

Compliant Solution

In this compliant solution, mkostemp is used instead.

Code Block
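static const char temp_file_template[] = TEMP_DIR DIR_SEPARATOR "xyzzy_XXXXXX";
char file_name[sizeof(temp_file_template)];
FILE *fp;
int fd;

strcpy_s(file_name, sizeof(temp_file_template), temp_file_template);
/*
 * mkostemp() already opens the new file with O_RDWR | O_CREAT | O_EXCL.
 * Passing those flags again is unnecessary and fails on some libc
 * versions, and O_TRUNC has no effect on a newly created file.
 */
fd = mkostemp(file_name, 0);
if (fd == -1) {
  /* Handle error */
}

fp = fdopen(fd, "wb+");
if (fp == NULL) {
  /* Handle error; fd is still open here and must be closed */
}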

Noncompliant Code Example

In this noncompliant code example, tmpfile is used.

Code Block
FILE *fp = tmpfile();
if (fp == NULL) {
  /* Handle error */
}

Compliant Solution

In this compliant solution,

Code Block
 

Exceptions

MSC34-EX1: If an out-of-bounds store cannot occur in a specific invocation of a function, the invocation of that function is permitted by this rule. The rationale for this exception is that the simple use of such a function in a program does not mean the program is incorrect. To eliminate the use of such a function, the programmer must replace calls to the deprecated or obsolete function with calls to the alternative functions. Unfortunately, the process of modifying existing code frequently introduces defects and vulnerabilities and is not recommended. New code should be developed in conformance to this guideline, however.

...