SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 11

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 12

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by NavBot (vkp) v1.0

...

UB

Description

Example Code

43

Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that does not point into, or just beyond, the same array object.

#Forming Out Of Bounds Pointer

44

Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that points just beyond the array object and is used as the operand of a unary * operator that is evaluated.

#Dereferencing Past The End Pointer, #Using Past The End Index

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cbca646d35b854b9-7c38caba-41154a03-8f8a9d2b-a55be96b9b3c0de19a536384"><ac:plain-text-body><![CDATA[

[46

CC. Undefined Behavior#ub_46]

An array subscript is out of range, even if an object is apparently accessible with the given subscript (as in the lvalue expression a[1][7] given the declaration int a[4][5]).

[#Apparently Accessible Out Of Range Index]

]]></ac:plain-text-body></ac:structured-macro>

59

An attempt is made to access, or generate a pointer to just past, a flexible array member of a structure when the referenced object provides no elements for that array.

#Pointer Past Flexible Array Member

103

The pointer passed to a library function array parameter does not have a value such that all address computations and object accesses are valid.

#Invalid Access By Library Function

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

TO DO.

...

Bibliography

Wiki Markup
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.7.5.2, "Array declarators"
\[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "XYX Boundary Beginning Violation," "XYY Wrap-around Error," and "XYZ Unchecked Array Indexing"
\[[CWE|AA. Bibliography#CWE]\] [CWE-119|http://cwe.mitre.org/data/definitions/119.html]: Failure to Constrain Operations within the Bounds of a Memory Buffer
\[[CWE|AA. Bibliography#CWE]\] [CWE-121|http://cwe.mitre.org/data/definitions/121.html]: Stack-based Buffer Overflow
\[[CWE|AA. Bibliography#CWE]\] [CWE-122|http://cwe.mitre.org/data/definitions/122.html]: Heap-based Buffer Overflow
\[[CWE|AA. Bibliography#CWE]\] [CWE-129|http://cwe.mitre.org/data/definitions/129.html]: Unchecked Array Indexing
\[[CWE|AA. Bibliography#CWE]\] [CWE-788|http://cwe.mitre.org/data/definitions/788.html]: Access of Memory Location After End of Buffer
\[[CWE|AA. Bibliography#CWE]\] [CWE-805|http://cwe.mitre.org/data/definitions/805.html]: Buffer Access with Incorrect Length Value
\[[Finlay 03|AA. Bibliography#Finlay 03]\]
\[[Microsoft 03|AA. Bibliography#Microsoft 03]\]
\[[Pethia 03|AA. Bibliography#Pethia 03]\]
\[[Seacord 05a|AA. Bibliography#Seacord 05]\] Chapter 1, "Running with Scissors"
\[[Viega 05|AA. Bibliography#Viega 05]\] Section 5.2.13, "Unchecked array indexing"
\[[xorl 2009|AA. Bibliography#xorl 2009] \] ["CVE-2008-1517: Apple Mac OS X (XNU) Missing Array Index Validation"|http://xorl.wordpress.com/2009/06/09/cve-2008-1517-apple-mac-os-x-xnu-missing-array-index-validation/]

...