SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 70

changes.mady.by.user Pranjal Jumde

Saved on

compared with

New Version 71

changes.mady.by.user Pranjal Jumde

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated for consistency with TS 17961

...

The following standard library functions take a pointer argument and a size argument, with the constraint that the pointer must point to a valid memory object of at least the number of bytes or wide characters (as appropriate) indicated by the size argument.

 

fgets()

fread()*

fwrite()*

mblen()

memchr()

memset()

fgetws()

wmemchr()

wmemset()

mbrlen()

tmpnam_s()

gets_s()

getenv_s()

memset_s()

strerror_s()

strnlen_s()

asctime_s()

ctime_s()

wcscpy_s()

wcsncpy_s()

wmemcpy_s()

wmemmove_s()

wcscat_s()

wcsncat_s()

wcsnlen_s()

 

 

 

Library functions that take two pointers and an integer

The following standard library functions take two pointer arguments and a size argument, with the constraint that both pointers must point to valid memory objects of at least the number of bytes or wide characters as appropriate, indicated by the size argument.

mbtowc()

wctomb()

mbtowcs()

wcstombs()

memcpy()

memmove()

strncpy()

strncat()

memcmp()

strncmp()

strxfrm()

mbrtoc16()

mbrtoc32()

wcsncpy()

wmemcpy()

wmemmove()

wcsncat()

wcsncmp()

wcsxfrm()

wmemcmp()

mbrtowc()

wcrtomb()

mbsrtowcs()

wcsrtombs()

wctomb_s()

mbtowcs_s()

wcstombs_s()

memcpy_s()

memmove_s()

strcpy_s()

strncpy_s()

strcat_s()

strncat_s()

wcscpy_s()

wcsncpy_s()

wmemcpy_s()

wmemmove_s()

wcscat_s()

wcsncat_s()

wcrtomb_s()

mbsrtowcs_s()

wcsrtombs_s()

 

 

 Library functions that take a pointer and two integers

The following standard library functions take a pointer argument and two size arguments, with the constraint that the pointer must point to a valid memory object containing at least as many bytes as the product of the two size arguments.

bsearch()

qsort()

bsearch_s()

qsort_s()

Standard memory allocation functions

The following are the standard memory allocation functions that take a size integer argument and return a pointer.

aligned_alloc()

calloc()

malloc()

realloc()

Other Library Functions: 

memcpy()

memmove()

vsnprintf()

 

vswprintf()swprintf()

strftime()

strxfrm()

snprintf() 

 

 

 

*Both functions take more than one size_t argument. In such cases, the compliant code must be consistent with the purpose of these arguments. For example, in the case of fread():

...

Code Block
bgColor#ccccff
wchar_t *f4() {
  const wchar_t *p = L"Hello, World!";
  const size_t n = sizeof(wchar_t) * (wcslen(p) + 1);

  wchar_t *q = (wchar_t*) malloc(n);
  return q;
}

Noncompliant Code Example

In this noncompliant example, a diagnostic is required because the value of n is not computed correctly, allowing a possible write past the end of the object referenced by p.

Code Block
bgColor#FFcccc
void f4(char p[], const char *q) {
  const size_t n = sizeof(p); 
  if ((memcpy(p, q, n)) == p) {  /* violation */
    /* ... */
  }
 
  /* ... */
}

Compliant Solution

This compliant solution ensures that the n is equal to the size of the character array.

Code Block
bgColor#ccccff
void f4(char p[], const char *q, size_t size_p) {
  const size_t n = size_p; 
  if ((memcpy(p, q, n)) == p) {  
    /* ... */
  }
 
  /* ... */
}

Risk Assessment

Depending on the library function called, the attacker may be able to use a heap overflow vulnerability to run arbitrary code.

...