Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Version number:
V. 3.1.1

C checkers CERT C Secure Coding Standard

Guideline

 

ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array

 

ARR33-C. Guarantee that copies are made into storage of sufficient size

 

DCL01-C. Do not reuse variable names in subscopes

 

DCL15-C. Declare file-scope objects or functions that do not need external linkage as static

 

DCL30-C. Declare objects with appropriate storage durations

 

DCL36-C. Do not declare an identifier with conflicting linkage classifications

 

EXP01-C. Do not take the size of a pointer to determine the size of the pointed-to type

 

EXP12-C. Do not ignore values returned by functions

 

EXP30-C. Do not depend on order of evaluation between sequence points

 

EXP33-C. Do not reference uninitialized memory

 

EXP34-C. Do not dereference null pointers

 

EXP35-C. Do not modify objects with temporary lifetime

 

FIO30-C. Exclude user input from format strings

 

FIO34-C. Use int to capture the return value of character IO functions

 

FLP33-C. Convert integers to floating point for floating point operations

 

INT01-C. Use rsize_t or size_t for all integer values representing the size of an object

 

INT07-C. Use only explicitly signed or unsigned char type for numeric values

 

INT13-C. Use bitwise operators only on unsigned operands

 

MEM30-C. Do not access freed memory

 

MEM31-C. Free dynamically allocated memory exactly once

 

MSC07-C. Detect and remove dead code

 

MSC12-C. Detect and remove code that has no effect

 

SIG32-C. Do not call longjmp() from inside a signal handler

 

STR30-C. Do not attempt to modify string literals

 

STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator

 

STR33-C. Size wide character strings correctly

 

STR36-C. Do not specify the bound of a character array initialized with a string literal