Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Checker

Guideline

(customization)FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
(customization)ERR34-C. Detect errors when converting a string to a number
(customization)POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
(customization)DCL03-C. Use a static assertion to test the value of a constant expression
(customization)FIO06-C. Create files with appropriate access permissions
(customization)FIO08-C. Take care when calling remove() on an open file
(customization)FIO10-C. Take care when using the rename() function
(customization)FIO13-C. Never push back anything other than one read character
(customization)FIO24-C. Do not open a file that is already open
(customization)MEM03-C. Clear sensitive information stored in reusable resources
(customization)MEM04-C. Beware of zero-length allocations
(customization)MSC24-C. Do not use deprecated or obsolescent functions
(customization)STR06-C. Do not assume that strtok() leaves the parse string unchanged
(customization)WIN01-C. Do not forcibly terminate execution
(general)FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful
(general)ENV01-C. Do not make assumptions about the size of an environment variable
(general)INT04-C. Enforce limits on integer values originating from tainted sources
(general)MEM11-C. Do not assume infinite heap space
ALLOC.DFMEM00-C. Allocate and free memory in the same module, at the same level of abstraction
ALLOC.DFMEM01-C. Store a new value in pointers immediately after free()
ALLOC.FNHMEM34-C. Only free memory allocated dynamically
ALLOC.LEAKMEM31-C. Free dynamically allocated memory when no longer needed
ALLOC.LEAKFIO42-C. Close files when they are no longer needed
ALLOC.LEAKMEM00-C. Allocate and free memory in the same module, at the same level of abstraction
ALLOC.LEAKMEM11-C. Do not assume infinite heap space
ALLOC.SIZE.ADDOFLOWINT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.ADDOFLOWINT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.ADDOFLOWMEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.ADDOFLOWINT08-C. Verify that all integer values are in range
ALLOC.SIZE.ADDOFLOWINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.IOFLOWINT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.IOFLOWINT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.IOFLOWMEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.IOFLOWINT08-C. Verify that all integer values are in range
ALLOC.SIZE.IOFLOWINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.MULOFLOWINT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.MULOFLOWINT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.MULOFLOWMEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.MULOFLOWINT08-C. Verify that all integer values are in range
ALLOC.SIZE.MULOFLOWINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.MULOFLOWMEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap
ALLOC.SIZE.SUBUFLOWINT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.SUBUFLOWINT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.SUBUFLOWMEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.SUBUFLOWINT08-C. Verify that all integer values are in range
ALLOC.SIZE.SUBUFLOWINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.SUBUFLOWMEM11-C. Do not assume infinite heap space
ALLOC.SIZE.TRUNCINT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
ALLOC.SIZE.TRUNCMEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.TRUNCINT02-C. Understand integer conversion rules
ALLOC.SIZE.TRUNCINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.TMWIN30-C. Properly pair allocation and deallocation functions
ALLOC.TMAPI07-C. Enforce type safety
ALLOC.UAFMEM30-C. Do not access freed memory
ALLOC.UAFMEM01-C. Store a new value in pointers immediately after free()
BADFUNC.*MSC24-C. Do not use deprecated or obsolescent functions
BADFUNC.ATOFERR34-C. Detect errors when converting a string to a number
BADFUNC.ATOIERR34-C. Detect errors when converting a string to a number
BADFUNC.ATOLERR34-C. Detect errors when converting a string to a number
BADFUNC.ATOLLERR34-C. Detect errors when converting a string to a number
BADFUNC.BO.*ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
BADFUNC.BO.*API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
BADFUNC.BO.OEMTOCHARSTR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCATSTR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCATCHAINWSTR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCMPSTR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCPYSTR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRLENSTR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRTRNSSTR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.CHROOTPOS05-C. Limit access to files by creating a jail
BADFUNC.CREATEPROCESSWIN02-C. Restrict privileges when spawning child processes
BADFUNC.CREATETHREADWIN02-C. Restrict privileges when spawning child processes
BADFUNC.LONGJMPMSC22-C. Use the setjmp(), longjmp() facility securely
BADFUNC.MEMSETMSC06-C. Beware of compiler optimizations
BADFUNC.PATH.*FIO02-C. Canonicalize path names originating from tainted sources
BADFUNC.PATH.AFXLOADLIBRARYWIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.COLOADLIBRARYWIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.LOADLIBRARYWIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.SYSTEMENV33-C. Do not call system()
BADFUNC.RANDOM.RANDCON33-C. Avoid race conditions when using library functions
BADFUNC.RANDOM.RANDMSC30-C. Do not use the rand() function for generating pseudorandom numbers
BADFUNC.SETJMPMSC22-C. Use the setjmp(), longjmp() facility securely
BADFUNC.SIGNALSIG34-C. Do not call signal() from within interruptible signal handlers
BADFUNC.SIGNALCON37-C. Do not call signal() in a multithreaded program
BADFUNC.SIGNALSIG00-C. Mask signals handled by noninterruptible signal handlers
BADFUNC.SIGNALSIG01-C. Understand implementation-specific details regarding signal handler persistence
BADFUNC.SIGNALSIG02-C. Avoid using signals to implement normal functionality
BADFUNC.TEMP.*FIO01-C. Be careful using functions that use file names for identification
BADFUNC.TEMP.*FIO21-C. Do not create temporary files in shared directories
BADFUNC.TEMP.TMPNAMCON33-C. Avoid race conditions when using library functions
BADFUNC.TTYNAMECON33-C. Avoid race conditions when using library functions
BADFUNC.VFORKPOS33-C. Do not use vfork()
BUILD.WALLMSC00-C. Compile cleanly at high warning levels
BUILD.WERRORMSC00-C. Compile cleanly at high warning levels
CONCURRENCY.DATARACESIG31-C. Do not access shared objects in signal handlers
CONCURRENCY.DATARACECON32-C. Prevent data races when accessing bit-fields from multiple threads
CONCURRENCY.DATARACECON43-C. Do not allow data races in multithreaded code
CONCURRENCY.DATARACEPOS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
CONCURRENCY.DATARACECON00-C. Avoid race conditions with multiple threadsCONCURRENCY.LOCK.NOLOCKCON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
CONCURRENCY.LOCK.NOUNLOCKCON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
CONCURRENCY.LOCK.ORDERCON35-C. Avoid deadlock by locking in a predefined order
CONCURRENCY.LOCK.ORDERPOS51-C. Avoid deadlock with POSIX threads by locking in predefined order
CONCURRENCY.STARVE.BLOCKINGPOS52-C. Do not perform operations that can block while holding a POSIX lock
CONCURRENCY.STARVE.BLOCKINGCON05-C. Do not perform operations that can block while holding a lock
HARDCODED.AUTHMSC18-C. Be careful while handling sensitive data, such as passwords, in program code
HARDCODED.KEYMSC18-C. Be careful while handling sensitive data, such as passwords, in program code
HARDCODED.SALTMSC18-C. Be careful while handling sensitive data, such as passwords, in program code
IO.INJ.COMMANDENV33-C. Do not call system()
IO.INJ.COMMANDSTR02-C. Sanitize data passed to complex subsystems
IO.INJ.FMTFIO30-C. Exclude user input from format strings
IO.INJ.FMTFIO47-C. Use valid format strings
IO.INJ.FMTSTR02-C. Sanitize data passed to complex subsystems
IO.INJ.LDAPSTR02-C. Sanitize data passed to complex subsystems
IO.INJ.LIBSTR02-C. Sanitize data passed to complex subsystems
IO.INJ.SQLSTR02-C. Sanitize data passed to complex subsystems
IO.RACEFIO45-C. Avoid TOCTOU race conditions while accessing files
IO.RACEFIO01-C. Be careful using functions that use file names for identification
IO.RACEFIO24-C. Do not open a file that is already open
IO.TAINT.ADDRINT04-C. Enforce limits on integer values originating from tainted sources
IO.TAINT.FNAMEFIO01-C. Be careful using functions that use file names for identification
IO.TAINT.FNAMEFIO02-C. Canonicalize path names originating from tainted sources
IO.TAINT.SIZEMEM35-C. Allocate sufficient memory for an object
IO.TAINT.SIZEINT04-C. Enforce limits on integer values originating from tainted sources
IO.TAINT.SIZEMEM05-C. Avoid large stack allocations
IO.TAINT.SIZEMEM11-C. Do not assume infinite heap space
IO.UACFIO46-C. Do not access a closed file
LANG.ARITH.BIGSHIFTINT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
LANG.ARITH.DIVZEROINT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
LANG.ARITH.NEGSHIFTINT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
LANG.CAST.COERCEINT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.COERCEFIO34-C. Distinguish between characters read from a file and EOF or WEOF
LANG.CAST.COERCEAPI07-C. Enforce type safety
LANG.CAST.COERCEINT02-C. Understand integer conversion rules
LANG.CAST.COERCEINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.CAST.PC.AVINT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.PC.CRCQDCL00-C. Const-qualify immutable objects
LANG.CAST.PC.CRCQEXP05-C. Do not cast away a const qualification
LANG.CAST.PC.INTINT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.PC.INTINT36-C. Converting a pointer to integer or integer to pointer
LANG.CAST.RIPEXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int
LANG.CAST.VALUEINT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.VALUEAPI07-C. Enforce type safety
LANG.CAST.VALUEINT02-C. Understand integer conversion rules
LANG.CAST.VALUEINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.FUNCS.ASSERTSMSC11-C. Incorporate diagnostic tests using assertions
LANG.FUNCS.IRVERR33-C. Detect and handle standard library errors
LANG.FUNCS.IRVPOS54-C. Detect and handle POSIX library errors
LANG.FUNCS.IRVEXP12-C. Do not ignore values returned by functions
LANG.FUNCS.PROTDCL07-C. Include the appropriate type information in function declarators
LANG.FUNCS.PROTDCL20-C. Explicitly specify void when a function accepts no arguments
LANG.ID.AMBIGDCL02-C. Use visually distinct identifiers
LANG.ID.ND.EXTDCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.MMDCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.MODCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.NESTDCL01-C. Do not reuse variable names in subscopes
LANG.ID.ND.NESTDCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.SSDCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.EXTDCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.INTDCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.TAGDCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.TYPEDCL23-C. Guarantee that mutually visible identifiers are unique
LANG.MEM.BOARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.BOENV01-C. Do not make assumptions about the size of an environment variable
LANG.MEM.BOEXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.BUARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.BUEXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.HRLOOPMSC21-C. Use robust loop termination conditionsLANG.MEM.NPDEXP34-C. Do not dereference null pointers
LANG.MEM.TBAINT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.MEM.TBAARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TBAEXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.TBAINT04-C. Enforce limits on integer values originating from tainted sources
LANG.MEM.TOARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TOENV01-C. Do not make assumptions about the size of an environment variable
LANG.MEM.TOEXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.TUARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TUEXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.UVAREXP33-C. Do not read uninitialized memory
LANG.PREPROC.MACROARGPRE32-C. Do not use preprocessor directives in invocations of function-like macros
LANG.PREPROC.MACROENDPRE02-C. Macro replacement lists should be parenthesized
LANG.PREPROC.MACROENDPRE11-C. Do not conclude macro definitions with a semicolon
LANG.PREPROC.MACROSTARTPRE02-C. Macro replacement lists should be parenthesized
LANG.PREPROC.PASTEPRE30-C. Do not create a universal character name through concatenation
LANG.PREPROC.PASTEPRE05-C. Understand macro replacement when concatenating tokens or performing stringification
LANG.STRUCT.CONDASSIGEXP45-C. Do not perform assignments in selection statements
LANG.STRUCT.DECL.FAMARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer
LANG.STRUCT.DECL.IFDCL40-C. Do not create incompatible declarations of the same function or object
LANG.STRUCT.DECL.IODCL40-C. Do not create incompatible declarations of the same function or object
LANG.STRUCT.DECLTYPEDECL.MGTDCL23-C. Guarantee that mutually visible identifiers are unique
LANG.STRUCT.DECL.EBSMLEXP15DCL04-C. Do not declare more than one variable per declaration
LANG.STRUCT.EBSEXP15-C. Do not place a semicolon on the same line place a semicolon on the same line as an if, for, or while statement
LANG.STRUCT.EBSMSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.ENUMINITINIT.ENUMINT09-C. Ensure enumeration constants map to unique values
LANG.STRUCT.LOOP.FPCFLP30-C. Do not use floating-point variables as loop counters
LANG.STRUCT.LOOP.HRMSC21-C. Use robust loop termination conditions
LANG.STRUCT.LOOP.UBMSC21-C. Use robust loop termination conditions
LANG.STRUCT.MRSMSC37-C. Ensure that control never reaches the end of a non-void function
LANG.STRUCT.MULTIDECLNTADDCL04EXP34-C. Do not declare more than one variable per declarationdereference null pointers
LANG.STRUCT.NTADEXP34-C. Do not dereference null pointersLANG.STRUCT.PBBARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.STRUCT.PBBEXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.PITDCL05-C. Use typedefs of non-pointer types only
LANG.STRUCT.PPEARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.STRUCT.PPEEXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.RCMSC07-C. Detect and remove dead code
LANG.STRUCT.RCMSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.RPLDCL30-C. Declare objects with appropriate storage durations
LANG.STRUCT.SCOPE.FILEDCL15-C. Declare file-scope objects or functions that do not need external linkage as static
LANG.STRUCT.SCOPE.FILEDCL19-C. Minimize the scope of variables and functions
LANG.STRUCT.SCOPE.LOCALDCL19-C. Minimize the scope of variables and functions
LANG.STRUCT.SE.CONDEXP45-C. Do not perform assignments in selection statements
LANG.STRUCT.SE.SIZEOFEXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
LANG.STRUCT.SW.MBMSC17-C. Finish every set of statements associated with a case label with a break statement
LANG.STRUCT.UAMSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UCMSC07-C. Detect and remove dead code
LANG.STRUCT.UCMSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.ULOOPMSC21-C. Use robust loop termination conditionsLANG.STRUCT.UPDEXP34-C. Do not dereference null pointers
LANG.STRUCT.UPDAPI00-C. Functions should validate their parameters
LANG.STRUCT.UULABELMSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUMACROMSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUPARAMMSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUTAGMSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUTYPEMSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUVARMSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UVALMSC13-C. Detect and remove unused values
LANG.TYPE.AWIDINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.TYPE.BASICINT01-C. Use rsize_t or size_t for all integer values representing the size of an object
LANG.TYPE.BFSIGNINT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression
LANG.TYPE.CSUFDCL16-C. Use "L," not "l," to indicate a long value
LANG.TYPE.IATSTR04-C. Use plain char for characters in the basic character set
LANG.TYPE.ICASTR04-C. Use plain char for characters in the basic character set
LANG.TYPE.IOTEXP46-C. Do not use a bitwise operator with a Boolean-like operand
LANG.TYPE.IOTINT07-C. Use only explicitly signed or unsigned char type for numeric values
LANG.TYPE.IOTINT13-C. Use bitwise operators only on unsigned operands
LANG.TYPE.IOTSTR04-C. Use plain char for characters in the basic character set
LANG.TYPE.MOTFLP06-C. Convert integers to floating point for floating-point operations
LANG.TYPE.MOTSTR04-C. Use plain char for characters in the basic character set
LANG.TYPE.NCSSTR05-C. Use pointers to const when referring to string literals
LANG.TYPE.OCDCL18-C. Do not begin integer constants with 0 when specifying a decimal value
LANG.TYPE.OWIDINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.TYPE.RESTRICTEXP43-C. Avoid undefined behavior when using restrict-qualified pointers
MISC.CRYPTO.NOPADMSC18-C. Be careful while handling sensitive data, such as passwords, in program code
MISC.FMTFIO30-C. Exclude user input from format strings
MISC.FMTFIO47-C. Use valid format strings
MISC.MEM.NTERMSTR03-C. Do not inadvertently truncate a string
MISC.MEM.SIZE.ADDOFLOWINT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.ADDOFLOWINT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.ADDOFLOWINT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.ADDOFLOWINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.BADINT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.BADINT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.BADMEM35-C. Allocate sufficient memory for an object
MISC.MEM.SIZE.BADINT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.BADINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.BADMEM05-C. Avoid large stack allocations
MISC.MEM.SIZE.BADMEM11-C. Do not assume infinite heap space
MISC.MEM.SIZE.MULOFLOWINT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.MULOFLOWINT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.MULOFLOWINT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.MULOFLOWINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.SUBUFLOWINT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.SUBUFLOWINT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.SUBUFLOWINT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.SUBUFLOWINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.TRUNCINT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
MISC.MEM.SIZE.TRUNCINT02-C. Understand integer conversion rules
MISC.MEM.SIZE.TRUNCINT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.NEGCHARSTR34-C. Cast characters to unsigned char before converting to larger integer sizes
MISC.NEGCHARSTR37-C. Arguments to character-handling functions must be representable as an unsigned char
MISC.NEGCHARINT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs
MISC.NEGCHARSTR00-C. Represent characters using an appropriate type
MISC.NOEFFECTMSC12-C. Detect and remove code that has no effect or is never executed
MISC.PWD.PLAINMSC18-C. Be careful while handling sensitive data, such as passwords, in program code