SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 29

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 30

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="34114ef2cba092fe-b874b282-492645d7-999fbc55-cf5117fce93691155c3e11da"><ac:parameter ac:name=""> asynchronous-safe</ac:parameter></ac:structured-macro>
*asynchronous-safe* \[[GNU Pth|AA. C References#GNU Pth]\]
A function is asynchronous-safe, or asynchronous-signal safe, if it can be called safely and without side effects from within a signal handler context. That is, it must be able to be interrupted at any point and run linearly out of sequence without causing an inconsistent state. It must also function properly when global data might itself be in an inconsistent state. Some asynchronous-safe operations are listed below:

...

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b819a9a189764486-4a51982c-46614ef8-9944abf4-1b0dac540754180bfa142961"><ac:parameter ac:name=""> conforming program<availability</ac:parameter></ac:structured-macro>
*conformingavailability*  \[[ISO/IEC 9899-1999IEEE Std 610.12 1990|AA. C References#ISO/IEC 9899-1999 References#IEEE Std 610.12 1990]\] 
ConformingThe programsdegree may depend upon nonportable features of a conforming implementationto which a system or component is operational and accessible when required for use. Often expressed as a probability.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1772c6514a29df8a-7f8c7741-423140e0-a745acb4-c3f07be5bc94cd2d284f4c7c"><ac:parameter ac:name=""> exploit<conforming program</ac:parameter></ac:structured-macro>
*exploitconforming*  \[[Seacord 05ISO/IEC 9899-1999|AA. C References#Seacord 05References#ISO/IEC 9899-1999]\] 
AnConforming exploitprograms ismay adepend pieceupon of software or technique that takes advantagenonportable features of a security vulnerability to violate an explicit or implicit [security policy|BB. Definitions#security policy].conforming implementation.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="db68f9c556b99bf2-91a38432-4d154d3e-8ad48dbc-5a62d1a78412f16f388091e6"><ac:parameter ac:name=""> freestanding environment<exploit</ac:parameter></ac:structured-macro>
*freestanding environmentexploit* \[[ISO/IEC 9899-1999Seacord 05|AA. C References#ISO/IEC 9899-1999References#Seacord 05]\]
An environmentexploit inis whicha Cpiece programof executionsoftware mayor taketechnique placethat withouttakes anyadvantage benefit of ana operating system.&nbsp; Program startup might occur at some function other than {{main()}}, complex types might not be implemented, and only certain minimal library facilities are guaranteed to be available.
Wiki Markup
security vulnerability to violate an explicit or implicit [security policy|BB. Definitions#security policy].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f7b4866157fc5fc3-0609beab-4bdb4635-b4a792d0-8f4aa114b7384785b1d8feea"><ac:parameter ac:name=""> hostedfault environment<tolerance</ac:parameter></ac:structured-macro>
*hostedfault environmenttolerance*  \[[ISO/IEC 9899-1999IEEE Std 610.12 1990|AA. C References#ISO/IEC 9899-1999 References#IEEE Std 610.12 1990]\]
AnThe environmentability thatof isa not freestanding.&nbsp; Program startup occurs at {{main()}}, complex types are implemented, and all C standard library facilities are availablesystem or component to continue normal operation despite the presence of hardware or software faults.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a6019848d39a91dc-c4f5ebce-470e4b11-96f0a4ed-4b5cfea49284f02bbcf157b4"><ac:parameter ac:name=""> freestanding implementation<environment</ac:parameter></ac:structured-macro>
*implementationfreestanding environment* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
ParticularAn setenvironment ofin software, running in a particular translation environment under particular control options, that performs translation of programs for, and supports execution of functions in, a particular execution environmentwhich C program execution may take place without any benefit of an operating system.&nbsp; Program startup might occur at some function other than {{main()}}, complex types might not be implemented, and only certain minimal library facilities are guaranteed to be available.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="315561c7d752c79b-4c01de6d-4a654876-8b0382e7-cd4c68dad836399e1dd830eb"><ac:parameter ac:name=""> implementation-definedhosted behavior<environment</ac:parameter></ac:structured-macro>
*implementation-definedhosted behaviorenvironment* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
UnspecifiedAn behaviorenvironment wherethat each implementation documents how the choice is madeis not freestanding.&nbsp; Program startup occurs at {{main()}}, complex types are implemented, and all C standard library facilities are available.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="58397f5d12b6687b-e7238878-43d64a13-ae9d9db3-691e5085fccc34b94de209e5"><ac:parameter ac:name=""> locale-specific behavior</implementation</ac:parameter></ac:structured-macro>
*locale-specific behaviorimplementation* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Behavior that depends on local conventions of nationality, cultureParticular set of software, running in a particular translation environment under particular control options, that performs translation of programs for, and languagesupports thatexecution eachof implementation documentsfunctions in, a particular execution environment.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dbfe80e47b5065a4-5c8e1c4c-4c2b4df2-8fb78d95-583b10ebd66fc87f34370ab9"><ac:parameter ac:name=""> implementation-defined lvalue<behavior</ac:parameter></ac:structured-macro>
*lvalueimplementation-defined behavior* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
AnUnspecified lvaluebehavior iswhere aneach expressionimplementation withdocuments anhow objectthe typechoice or an incomplete type other than {{void}}. The name "lvalue" comes originally from the assignment expression {{E1 = E2}}, in which the left operand {{E1}} is required to be a (modifiable) lvalue. It is perhaps better considered as representing an object "locator value"is made.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bdd44b48-5278-4fc6-b443-1029fb7db357"><ac:parameter ac:name=""> locale-specific behavior</ac:parameter></ac:structured-macro>
*locale-specific behavior* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Behavior that depends on local conventions of nationality, culture, and language that each implementation documents.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bbafde50-e359-4e9d-b833-7ae776b1d6c3"><ac:parameter ac:name=""> lvalue</ac:parameter></ac:structured-macro>
*lvalue* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
An lvalue is an expression with an object type or an incomplete type other than {{void}}. The name "lvalue" comes originally from the assignment expression {{E1 = E2}}, in which the left operand {{E1}} is required to be a (modifiable) lvalue. It is perhaps better considered as representing an object "locator value".

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="01e874d6-6392-413c-b782-da10091ea080"><ac:parameter ac:name=""> mitigation</ac:parameter></ac:structured-macro>
*mitigation* \[[Seacord 05|AA. C References#Seacord 05]\]
Mitigations are methods, techniques, processes, tools, or runtime libraries that can prevent or limit exploits against vulnerabilities.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b4fbd5ed27b5fdf6-85a8c0b0-42ac49ed-b34d9073-4ab4aef19163eb9f2813a934"><ac:parameter ac:name=""> mitigation<reentrant</ac:parameter></ac:structured-macro>
*mitigationreentrant* \[[SeacordDowd 0506|AA. C References#SeacordReferences#Dowd 0506]\]
MitigationsA function areis methods,reentrant techniques,if processes,multiple tools,instances orof runtimethe librariessame thatfunction can prevent or limit exploits against vulnerabilities run in the same address space concurrently without creating the potential for inconsistent states.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="70e0ff4bb7e53688-2db199cc-45c64d33-9b7dbc12-5e3fc3206acf7093bcd31494"><ac:parameter ac:name=""> reentrant<reliability</ac:parameter></ac:structured-macro>
*reentrantreliability*  \[[Dowd 06IEEE Std 610.12 1990|AA. C References#Dowd 06 References#IEEE Std 610.12 1990]\]
A function is reentrant if multiple instances of the same function can run in the same address space concurrently without creating the potential for inconsistent statesThe ability of a system or component to perform its required functions under stated conditions for a specified period of time.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a556d02a7f72c42b-97738c12-443f4431-a33aa945-16d0f2eca8bab8ac653c9c95"><ac:parameter ac:name=""> rvalue</ac:parameter></ac:structured-macro>
*rvalue* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Value of an expression.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1d661a51f4461ddf-653340c0-43c64352-b6a1b0c1-b8bbc57449586af3351654f3"><ac:parameter ac:name=""> security flaw</ac:parameter></ac:structured-macro>
*security flaw* \[[Seacord 05|AA. C References#Seacord 05]\]
A security flaw is a software defect that poses a potential security risk.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b65d6e7129c03f98-a0993155-42b344aa-89d0b485-11e92b6d4d1dbd298689d9a1"><ac:parameter ac:name=""> security policy</ac:parameter></ac:structured-macro>
*security policy* \[[Internet Society 00|AA. C References#Internet Society 00]\]
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="13aa8ced477cabea-0261ef91-49074d39-a155b095-63cf7aef9d9db3561e701075"><ac:parameter ac:name=""> sequence point</ac:parameter></ac:structured-macro>
*sequence point* C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Evaluation of an expression may produce side effects. At specific points in the execution sequence called _sequence points_, all side effects of previous evaluations have completed, and no side effects of subsequent evaluations have yet taken place.

...

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="91d06b6e5c809f60-5a434722-420b480e-a0faa628-bee4a50c0c26c238f6f13063"><ac:parameter ac:name=""> strictly conforming</ac:parameter></ac:structured-macro>
*strictly conforming*  \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] 
A strictly conforming program is one that uses only those features of the language and library specified in the international standard.  Strictly conforming programs are intended to be maximally portable among conforming implementations and can't, for example, depend upon implementation-defined behavior.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d53e4ef3d41097af-265a5ab7-40104641-b888b2e1-87d70a8b4df3aa81a8f597fd"><ac:parameter ac:name=""> undefined behavior</ac:parameter></ac:structured-macro>
*undefined behavior* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for which the standard imposes no requirements.  An example of undefined behavior is the behavior on integer overflow.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5915e509e7d37f1b-7d2aeaa5-4ea548b9-a3ab8527-8f228e922173664bea1ba14b"><ac:parameter ac:name=""> unspecified behavior</ac:parameter></ac:structured-macro>
*unspecified behavior* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Behavior where the standard provides two or more possibilities and imposes no further requirements on which is chosen in any instance.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9ddb095ca45bb1f8-261bc3ce-4db94c04-a5659df6-590a7d8d53f295b36abcfaf5"><ac:parameter ac:name=""> validation</ac:parameter></ac:structured-macro>
*validation* \[[IEC 61508-4|AA. C References#IEC 61508-4]\]
Confirmation by examination and provision of objective evidence that the particular requirements for a specific intended use are fulfilled.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4ca8286ece5b6767-14020057-44524676-84a1b2e7-dcab414c0828ff5eef72785b"><ac:parameter ac:name=""> verification</ac:parameter></ac:structured-macro>
*verification* \[[IEC 61508-4|AA. C References#IEC 61508-4]\]
Confirmation by examination and provision of objective evidence that the requirements have been fulfilled.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47b4b71767b6ff2c-06b53d56-49044409-bbef99fe-15fcb8e930cdae39182ad52d"><ac:parameter ac:name=""> vulnerability</ac:parameter></ac:structured-macro>
*vulnerability* \[[Seacord 05|AA. C References#Seacord 05]\]
A vulnerability is a set of conditions that allows an attacker to violate an explicit or implicit security policy.