SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 79

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 80

changes.mady.by.user John Benito

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: changes to examples to match new coding guidelines

...

Code Block
bgColor#FFcccc
langc
signed long s_a;
signed long s_b;
signed long result;

void func(void) {
  /* Initialize s_a and s_b */

  result = s_a / s_b;

  /* ... */
}

Compliant Solution

This compliant solution tests the suspect division operation to guarantee there is no possibility of divide-by-zero errors or signed overflow:

Code Block
bgColor#ccccff
langc
#include <limits.h>
 
signed long s_a;
signed long s_b;
signed long result;

void func(void) {
  /* Initialize s_a, and s_b and result*/

  if ( (s_b == 0) || ( (s_a == LONG_MIN) && (s_b == -1) ) ) {
    /* Handle error condition */
  }
 else {
    result = s_a / s_b;
  }

  /* ... */
}

Modulo

The modulo operator provides the remainder when two operands of integer type are divided.

...

Code Block
bgColor#FFcccc
langc
signed long s_a;
signed long s_b;
signed long result;

void func(void) {
  /* Initialize s_a and s_b */

  result = s_a % s_b;

  /* ... */
}

Compliant Solution

This compliant solution tests the suspect modulo operation to guarantee there is no possibility of a divide-by-zero error or an overflow error:

Code Block
bgColor#ccccff
langc
#include <limits.h>
 
signed long s_a;
signed long s_b;
signed long result;

void func(void) {
  /* Initialize s_a and, s_b and result*/

  if ( (s_b == 0 ) || ( (s_a == LONG_MIN) && (s_b == -1) ) ) {
    /* Handle error condition */
  }
 else {
    result = s_a % s_b;
  }

}

Risk Assessment

A divide by zero can result in abnormal program termination and denial of service.

...