...
Non-Compliant Code Example
The following non-compliant code example simply illustrates calling the standard string handling function strlen()
with a plain character string, a signed character string, and an unsigned character string:
```c
#include <string.h>

int main(void) {
  size_t len;
  char cstr[] = "char string";
  signed char scstr[] = "signed char string";
  unsigned char ucstr[] = "unsigned char string";

  len = strlen(cstr);
  len = strlen(scstr); /* warns when char is unsigned */
  len = strlen(ucstr); /* warns when char is signed */
  return 0;
}
```
Compiling at high warning levels, in compliance with MSC00-A. Compile cleanly at high warning levels, causes warnings to be issued when converting from unsigned char[] to const char * when char is signed, and from signed char[] to const char * when char is defined to be unsigned. Casts are required to eliminate these warnings, but excessive casts can make code difficult to read and hide legitimate warning messages.

If this C code were compiled using a C++ compiler, conversions from unsigned char[] to const char * and from signed char[] to const char * would be flagged as errors requiring casts.
Compliant Solution
The compliant solution uses plain char
for character data.
```c
#include <string.h>

int main(void) {
  size_t len;
  char cstr[] = "char string";

  len = strlen(cstr);
  return 0;
}
```
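The noncompliant example above needs a cast at every string-function call once character data is held as signed or unsigned char, while the compliant solution avoids this by using plain char. The following added example (not code from the CERT page) shows the common real-world case in between: bytes arrive as unsigned char from some lower layer, and the conversion to plain char is confined to one boundary function so that all later text handling compiles cleanly without casts. The function names, the buffer sizes and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Single conversion point: copies a NUL-terminated run of bytes into a plain
 * char buffer. memchr() and memcpy() take void pointers, so no pointer-type
 * warning is issued here and no cast is needed. Returns the text length, or
 * (size_t)-1 if the bytes hold no terminator or do not fit in dst. */
size_t bytes_to_text(char *dst, size_t dst_size,
                     const unsigned char *src, size_t src_len) {
  if (dst == NULL || src == NULL || dst_size == 0) {
    return (size_t)-1;
  }
  const unsigned char *nul = memchr(src, 0, src_len);
  if (nul == NULL) {
    return (size_t)-1;               /* no terminator: not a string */
  }
  size_t len = (size_t)(nul - src);
  if (len >= dst_size) {
    return (size_t)-1;               /* text plus terminator would not fit */
  }
  memcpy(dst, src, len + 1);         /* the +1 copies the NUL as well */
  return len;
}

/* Everything past the boundary works on plain char, so the standard string
 * functions are called without casts and high warning levels stay clean. */
int text_matches(const char *text, const char *expected) {
  return strcmp(text, expected) == 0;
}

int main(void) {
  /* Constructed sample: bytes as they might be handed over by a lower layer. */
  const unsigned char raw[] = { 'a', 'b', 'c', 0, 'x' };
  char text[8];
  size_t len = bytes_to_text(text, sizeof text, raw, sizeof raw);
  if (len == (size_t)-1) {
    puts("not a string");
    return 1;
  }
  printf("len=%zu matches=%d\n", len, text_matches(text, "abc"));
  return 0;
}
```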
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR07-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 |
...