SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 99

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 100

changes.mady.by.user Aaron Ballman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ffcccc
langc
#include <stddef.h>
#include <stdio.h>
#define BUFFER_SIZE 1024

void f(FILE *file) {
  enum { BUFFER_SIZE = 1024 };
  wchar_t wbuf[BUFFER_SIZE];

  const size_t size = sizeof(*wbuf);
  const size_t nitems = sizeof(wbuf);

  size_t nread;

  nread = fread(wbuf, size, nitems, file);
}

...

Code Block
bgColor#ccccff
langc
#include <stddef.h>
#include <stdio.h>
#define BUFFER_SIZE 1024
 
void f(FILE *file) {
  enum { BUFFER_SIZE = 1024 };
  wchar_t wbuf[BUFFER_SIZE];

  const size_t size = sizeof(*wbuf);
  const size_t nitems = sizeof(wbuf) / size;

  size_t nread;

  nread = fread(wbuf, size, nitems, file);
}

...

C Secure Coding StandardAPI00-C. Functions should validate their parameters
ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
INT30-C. Ensure that unsigned integer operations do not wrap
ISO/IEC TS 17961Forming invalid pointers by library functions [libptr]
ISO/IEC TR 24772:2013

Buffer Boundary Violation (Buffer Overflow) [HCB]
Unchecked Array Copying [XYW]

MITRE CWE

 

CWE-119, Failure to constrain operations within the bounds of an allocated memory buffer
CWE-121, Stack-based buffer overflow
CWE-805, Buffer access with incorrect length value 

...