SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 33

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 34

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff
void foo(const int * x) {
  if (x != NULL) {
    printf(""Value is %d\n"", *x);
  }
  /* ... */
}

Noncompliant Code Example

...

Code Block
bgColor#FFCCCC
char *strcat_nc(char *s1, char *s2);

char *str1 = "str1""str1";
const char *str2 = "str2";"str2";
char str3[9] = "str3";"str3";
const char str4[9] = "str4""str4";

strcat_nc(str3, str2);	/* Compiler warns that str2 is const */
strcat_nc(str1, str3);  /* Attempts to overwrite string literal! */
strcat_nc(str4, str3);  /* Compiler warns that str4 is const */

...

Code Block
bgColor#ccccff
char *strcat(char *s1, const char *s2); 

char *str1 = "str1";"str1";
const char *str2 = "str2";"str2";
char str3[9] = "str3""str3";
const char str4[9] = "str4";"str4";

strcat(str3, str2); 

/* Args reversed to prevent overwriting string literal */ 
strcat(str3, str1);  
strcat(str4, str3);  /* Compiler warns that str4 is const */

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as DCL13-CPP. Declare function parameters that are pointers to values not changed by the function as const.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] 
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] ""CSJ Passing parameters and return values""

...

Image Added      Image Removed      02. Declarations and Initialization (DCL)              DCL14-C. Do not make assumptions about the order of global variable initialization across translation units