SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 33

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 34

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
Many functions accept pointers as arguments. If the function dereferences an invalid pointer (seeas in guideline [EXP34-C. Do not dereference null pointers]) or reads or writes to a pointer that does not refer to an object, the results are [undefined|BB. Definitions#undefined]. Typically, the program will terminate abnormally when an invalid pointer is dereferenced, but it is possible, for an invalid pointer to be dereferenced, and its memory changed, without abnormal termination \[[Jack 072007|AA. Bibliography#Jack 07]\]. Such programs can be difficult to debug because of the difficulty in determining if a pointer is valid.

...

The valid() function does not guarantee validity (; it only identifies null pointers and pointers to functions as invalid). However, but it can be used to catch a substantial number of problems that might otherwise go undetected.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : MEM10-CPP. Define and use a pointer validation function.

Bibliography

Wiki Markup
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.3.2.3, "Pointers"
\[[Jack 072007|AA. Bibliography#Jack 07]\]
\[[MITRE 072007|AA. Bibliography#MITRE 07]\] [CWE ID 20|http://cwe.mitre.org/data/definitions/20.html], "Insufficient Input Validation"
\[[van Sprundel 062006|AA. Bibliography#van Sprundel 06]\]

...