SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 34

changes.mady.by.user Jeffrey Gennari

Saved on

compared with

New Version 35

changes.mady.by.user Jeffrey Gennari

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
C99 eliminated implicit function declarations from the C language \[[ISO/IEC9899-1999|AA. C References#ISO/IEC 9899-1999]\]. However, many compilers allow compilation of programs containing implicitly defined functions, although they may issue a warning message. These warnings should be resolved \[[MSC00-A|MSC00-A. Compile cleanly at high warning levels]\], but do not prevent program compilation.

Non-Compliant Code Example 1

In this example, the definition of func() expects three parameters but is supplied only two. However, because there is no prototype for func(), the compiler assumes that the correct number of arguments has been supplied, and uses the next value on the program stack as the missing third argument.

Code Block
bgColor#FFCCCC
function(1, 2);
...
int func(int one, int two, int three){
  printf("%d %d %d", one, two, three);
  return 1;
}

Compliant Solution 1

To correct this example, the appropriate function prototype for func() should be specified.

Code Block
bgColor#ccccff
int function(int, int, int);
...

function(1,2);
...
int func(int one, int two, int three){
  printf("%d %d %d", one, two, three);
  return 1;
}

Non-Compliant Code Example 2

Wiki Markup
The following example is based on rule \[[MEM02-A|MEM02-A. Do not cast the return value from malloc()]\]. The header file {{stdlib.h}} contains the function prototype for {{malloc()}}. Failing to include {{stdlib.h}} causes {{malloc()}} to be implicitly defined.

Code Block
bgColor#FFCCCC
char *p = malloc(10);

Compliant Solution 2

including stdlib.h ensures the function prototype for malloc() is declared.

Code Block
bgColor#ccccff
#include <stdlib.h>
...
char *p = malloc(10);

Risk Assessment

Failure to specify function prototypes can result in undefined, and perhaps unintended program behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRAFT DCL31-C.

1 (low)

1 (unlikely)

3 (low)

P3

L3

Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.

References

  • Wiki Markup
    \[[ISO/IEC9899-1999|AA. C References#ISO/IEC 9899-1999]\] Forward
\[[MEM02-A|MEM02-A. Do not cast the return value from malloc()]\], \[[MSC00-Ahttps://www.securecoding.cert.org/confluence/display/seccode/MSC00-A.+Compile+cleanly+at+high+warning+levels]\]