SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 28

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 29

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Typically, there are several different possible alignments used for the fundamental types of CDifferent alignments are possible for different types of objects. If the C type checking system is overridden by an explicit cast, it is possible the alignment of the underlying an object or type may not match up with be the same as the alignment of the object to which it was cast. Therefore, the alignment must always be the same As a result, if a pointer to one object is to be cast into anotherconverted to a pointer different object, the objects must have the same alignment.

Non-

...

Compliant Code Example

By definition of C99, a pointer may be cast into and out of void * validly. Thus it is possible to silently switch from one type of pointer to another without flagging a compiler warning by first storing or casting the initial pointer to void * and then storing or casting it to the final type. In the following non-compliant code, the type checking system is circumvented due to the caveats of void pointers.

...

This example should compile without warning. However, v_pointer might be aligned on a 1 byte boundary. Once it is cast to an int, some architectures will require it to be on 4 byte boundaries. If int_ptr is then later dereferenced, abnormal termination of the program may result.

Compliant Solution

In this compliant solution, the parameter is changed to only accept other int* pointers since the input parameter directly influences the output parameter.

Code Block
bgColor#ccccff
int *loop_ptr;
int *int_ptr;

int *loopFunction(int *v_pointer) {
  return v_pointer;
}
int_ptr = loopFunction(loop_ptr);

Implementation Details

List of common alignments for Microsoft, Borland, and GNU compilers to x86

Type

Alignment

char

1 byte aligned

short

2 byte aligned

int

4 byte aligned

float

4 byte aligned

double

8 byte on Windows, 4 byte on Linux

Risk Assessment

Accessing a pointer or an object that is no longer on the correct access boundary can cause a program to crash, give wrong information, or may cause slow pointer accesses (if the architecture does not care about alignment).

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP36-C

1 (low)

2 (probable)

2 (medium)

P4

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[Bryant 03|AA. C References#Bryant 03]\] 
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.2.5, "Types"