SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 145

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 146

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this noncompliant code example, the function mbrlen() is passed the address of an automatic mbstate_t object that has not been properly initialized, leading to undefined behavior. See undefined behavior 200 in Annex J of the C Standard [ISO/IEC 9899:2011].

Code Block
bgColor#ffcccc
langc
void f(const char *mbs) {
  size_t len;
  mbstate_t state;

  len = mbrlen(mbs, strlen(mbs), &state);

  /* ... */
}

...

ToolVersionCheckerDescription

LDRA tool suite

Include Page
LDRA_V
LDRA_V

57 D
69 D

Fully implemented.

Fortify SCA  

Can detect violations of this rule, but will return false positives if the initialization was done in another function.

SplintV. 3.1.1  
GCCV 4.3.5 

Can detect some   violations of this rule when the -Wuninitialized flag is used.

Compass/ROSE  

Automatically detects simple violations of this rule, although it may return some false positives. It may not catch more complex violations, such as initialization within functions taking uninitialized variables as arguments. It does catch the second noncompliant code example, and can be extended to catch the first as well.

Coverity Prevent

V. 5.0

NO_EFFECT

Can find cases of an uninitialized variable being used before it is initialized, although it cannot detect cases of uninitialized members of a struct. Because Coverity Prevent cannot discover all violations of this rule, further verification is necessary.

Klocwork

V. 9.1

UNINIT.HEAP.MIGHT
UNINIT.HEAP.MUST
UNINIT.STACK.ARRAY.MIGHT
UNINIT.STACK.ARRAY.MUST UNINIT.STACK.ARRAY.PARTIAL.MUST
UNINIT.STACK.MUST

 
PRQA QA-C
Include Page
PRQA_V
PRQA_V
2961 (D)
2962 (A)
2963 (S)
2971 (D)
2972 (A)		Fully implemented.

...

CVE-2009-1888 results from a violation of this recommendation. Some versions of SAMBA (up to 3.3.5) call a function which takes in two potentially unitiliazed uninitialized variables involving access rights. An attacker can exploit this to bypass the access control list and gain access to protected files [xorl 2009].

...

CERT C++ Secure Coding StandardEXP33-CPP. Do not reference uninitialized memory
ISO/IEC TR 24772Initialization of variables [LAV]
ISO/IEC TS 17961(Draft) Referencing uninitialized memory [uninitref]ISO/IEC TR 24772Initialization of variables [LAV]

Bibliography

[Flake 2006] 
[ISO/IEC 9899:2011]Section 6.7.9, "Initialization"
[Mercy 2006] 
[Wang 2012]"More Randomness or Less"
[xorl 2009]"CVE-2009-1888: SAMBA ACLs Uninitialized Memory Read"

...