SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 24

changes.mady.by.user Pamela Curtis

Saved on

compared with

New Version 25

changes.mady.by.user Pamela Curtis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd8c243dbda6c29a-55208b3a-4ff1438c-8797b242-722c98ce5396e107886b3f1f"><ac:parameter ac:name=""> asynchronous-safe</ac:parameter></ac:structured-macro>
*asynchronous-safe* \[[GNU Pth|AA. C References#GNU Pth]\]
A function is asynchronous-safe, or asynchronous-signal safe, if it can be called safely and without side effects from within a signal handler context. That is, it must be able to be interrupted at any point and run linearly out of sequence without causing an inconsistent state. Some asynchronous-safe operations are listed below:

...

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="426a6f1607ce5613-c58a28d6-4da04cff-aa2b9d6e-c75ac34a4624d8febe181c5d"><ac:parameter ac:name=""> exploit</ac:parameter></ac:structured-macro>
*exploit* \[[Seacord 05|AA. C References#Seacord 05]\]
An exploit is a piece of software or technique that takes advantage of a security vulnerability to violate an explicit or implicit [security policy|BB. Definitions#security policy].

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="19e338968cf645ac-843fff85-407643fe-9c9383c1-1d5fb0bc5cadd7b30a719d9f"><ac:parameter ac:name=""> freestanding environment</ac:parameter></ac:structured-macro>
*freestanding environment* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
An environment in which C program execution may take place without any benefit of an operating system.&nbsp; Program startup might occur at some function other than {{main()}}, complex types might not be implemented, and only certain minimal library facilities are guaranteed to be available.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0acfc4bffea58dd7-7096378c-47d54ead-b98ca4fb-4690ce6b9ebe78f15f81b022"><ac:parameter ac:name=""> hosted environment</ac:parameter></ac:structured-macro>
*hosted environment* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
An environment that is not freestanding.&nbsp; Program startup occurs at {{main()}}, complex types are implemented, and all C standard library facilities are available.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8eb1bf01b253533a-e345ce43-4d094081-9e788265-5bf278400918ec59380b0206"><ac:parameter ac:name=""> implementation</ac:parameter></ac:structured-macro>
*implementation* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Particular set of software, running in a particular translation environment under particular control options, that performs translation of programs for, and supports execution of functions in, a particular execution environment.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8083e37d45834acc-773cfac1-4bb1413b-9389a226-f5e2d925b72efcd48b861aba"><ac:parameter ac:name=""> implementation-defined behavior</ac:parameter></ac:structured-macro>
*implementation-defined behavior* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Unspecified behavior where each implementation documents how the choice is made.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ec091edf909a6b79-fc6b86e3-4a9346ac-aeae8a53-009a5e44f4ab8ef7683eeed3"><ac:parameter ac:name=""> locale-specific behavior</ac:parameter></ac:structured-macro>
*locale-specific behavior* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Behavior that depends on local conventions of nationality, culture, and language that each implementation documents.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c7436333f1254e90-a823d348-49e24b04-85babc7d-85aba749dd3943ee4104b3f3"><ac:parameter ac:name=""> lvalue</ac:parameter></ac:structured-macro>
*lvalue* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
An lvalue is an expression with an object type or an incomplete type other than {{void}}. The name "lvalue" comes originally from the assignment expression {{E1 = E2}}, in which the left operand {{E1}} is required to be a (modifiable) lvalue. It is perhaps better considered as representing an object "locator value".

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0ed3ec82dbb58a51-85c20ef5-4d944e5b-a96fa3d2-3355720d1bf961d58cb46cbc"><ac:parameter ac:name=""> mitigation</ac:parameter></ac:structured-macro>
*mitigation* \[[Seacord 05|AA. C References#Seacord 05]\]
Mitigations are methods, techniques, processes, tools, or runtime libraries that can prevent or limit exploits against vulnerabilities.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="70872ba3bfecdc81-7f5c206d-4b754b87-8c3786a5-c7c9fa39d61c829c91b20bdc"><ac:parameter ac:name=""> reentrant</ac:parameter></ac:structured-macro>
*reentrant* \[[Dowd 06|AA. C References#Dowd 06]\]
A function is reentrant if multiple instances of the same function can run in the same address space concurrently without creating the potential for inconsistent states.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="403d8a2f955fb8ef-f2dce4ce-4c6b46d2-b7b3926a-6cbf149586fdad93d321bc17"><ac:parameter ac:name=""> rvalue</ac:parameter></ac:structured-macro>
*rvalue* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Value of an expression.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="02c99d79c80396db-7c0bcc23-4f86448f-8e67854c-78a0e9fd8e31077c225fa290"><ac:parameter ac:name=""> security flaw</ac:parameter></ac:structured-macro>
*security flaw* \[[Seacord 05|AA. C References#Seacord 05]\]
A security flaw is a software defect that poses a potential security risk.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1a09fbd62d9010c2-9fa60d2b-4f8049f0-8a88b200-d586207bf214d5ffee553cea"><ac:parameter ac:name=""> security policy</ac:parameter></ac:structured-macro>
*security policy* \[[Internet Society 00|AA. C References#Internet Society 00]\]
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c5d9e3b6bb455d96-2b2585a9-498446d8-b562a206-e13c5ca8961f472f07693e7e"><ac:parameter ac:name=""> undefined behavior</ac:parameter></ac:structured-macro>
*undefined behavior* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for which the standard imposes no requirements.  An example of undefined behavior is the behavior on integer overflow.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5dc9638cdbdd8892-91518b9c-44494e35-b6e19d09-f22b7d05a38a2d832a7cc30b"><ac:parameter ac:name=""> unspecified behavior</ac:parameter></ac:structured-macro>
*unspecified behavior* \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]
Behavior where the standard provides two or more possibilities and imposes no further requirements on which is chosen in any instance.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="90cab84457000640-8e782081-4aa64f6e-be3293ee-20a752c20e67c41a03a8ef54"><ac:parameter ac:name=""> validation</ac:parameter></ac:structured-macro>
*validation* \[[IEC 61508-4|AA. C References#IEC 61508-4]\]
Confirmation by examination and provision of objective evidence that the particular requirements for a specific intended use are fulfilled.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d60dd22057c0014c-fa4dd42d-4eb5484e-b862bd40-7dd086d279476f6b702b01dc"><ac:parameter ac:name=""> verification</ac:parameter></ac:structured-macro>
*verification* \[[IEC 61508-4|AA. C References#IEC 61508-4]\]
Confirmation by examination and provision of objective evidence that the requirements have been fulfilled.

Wiki Markup
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b9220843d3735be7-7bde3fa3-43774f49-b6c49244-2b0894b8a930a85a7bac264f"><ac:parameter ac:name=""> verification<vulnerability</ac:parameter></ac:structured-macro>
*vulnerability* \[[Seacord 05|AA. C References#Seacord 05]\]
A vulnerability is a set of conditions that allows an attacker to violate an explicit or implicit security policy.