SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 34

changes.mady.by.user Gina DeCola

Saved on

compared with

New Version 35

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFCCCC
int main(void) {
  int c = foo();
  printf(""%d\n"", c);
  return 0;
}

int foo(int a) {
  return a;
}

...

Code Block
bgColor#ccccff
int foo(int);

int main(void) {
  int c = foo(0);
  printf(""%d\n"", c);
  return 0;
}

int foo(int a) {
  return a;
}

...

Code Block
bgColor#ffcccc
foo(void) {
  return UINT_MAX;
}

int main(void) {
  long long c = foo();
  printf(""%lld\n"", c);
  return 0;
}

Because the compiler assumes that foo() returns a value of type int, UINT_MAX is incorrectly converted to -1.

...

Code Block
bgColor#ccccff
unsigned int foo(void) {
  return UINT_MAX;
}

int main(void) {
  long long c = foo();
  printf(""%lld\n"", c);
  return 0;
}

Risk Assessment

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as DCL31-CPP. Declare identifiers before using them.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.7.2, ""Type specifiers"", Section  6.5.2.2, ""Function calls""
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] ""OTR Subprogram Signature Mismatch""
\[[Jones 08|AA. C References#Jones 08]\]
\[[MISRA 04|AA. C References#MISRA 04]\]

...

            02. Declarations and Initialization (DCL)              DCL32-C. Guarantee that mutually visible identifiers are unique