...
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.
Automated Detection
The Coverity Prevent NEGATIVE_RETURNS checker can find array accesses, loop bounds, and other expressions that may contain dangerous implied integer conversions that would result in unexpected behavior. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.
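The following is an added example, not code from this page or from Coverity, of the defect class described above: a negative error return is implicitly converted to `size_t` and then used as a size, shown beside a checked form. The `parse_len` helper, the function names, and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical parser: returns the 16-bit big-endian length prefix,
 * or -1 if the buffer is too short to hold one. */
static int parse_len(const unsigned char *buf, size_t n) {
    if (n < 2) return -1;
    return (buf[0] << 8) | buf[1];
}

/* Noncompliant: the int result is implicitly converted to size_t, so
 * the -1 error value becomes SIZE_MAX. Returns the size that a later
 * memcpy() or loop bound would be handed. */
static size_t copy_size_unchecked(const unsigned char *buf, size_t n) {
    size_t len = parse_len(buf, n);   /* implied signed -> unsigned conversion */
    return len;
}

/* Compliant: test the signed value first, then range-check it against
 * the bytes actually present and the destination capacity. */
static int copy_payload(unsigned char *dst, size_t cap,
                        const unsigned char *buf, size_t n, size_t *copied) {
    int ret = parse_len(buf, n);
    if (ret < 0) return -1;           /* parser reported an error */
    size_t len = (size_t)ret;         /* safe: ret is in [0, 65535] */
    if (len > n - 2 || len > cap) return -1;
    memcpy(dst, buf + 2, len);
    *copied = len;
    return 0;
}

int main(void) {
    /* Constructed sample inputs: one well-formed, one truncated. */
    static const unsigned char ok[]  = {0x00, 0x03, 'a', 'b', 'c'};
    static const unsigned char bad[] = {0x00};
    unsigned char out[8];
    size_t got = 0;
    int r1 = copy_payload(out, sizeof out, ok, sizeof ok, &got);
    int r2 = copy_payload(out, sizeof out, bad, sizeof bad, &got);
    size_t wrapped = copy_size_unchecked(bad, sizeof bad);
    return (r1 == 0 && got == 3 && r2 == -1 && wrapped == SIZE_MAX) ? 0 : 1;
}
```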