...

This analysis also impacts STR03-A, STR07-A, and STR31-C.

...

Alternative Strategies

Testing

It would probably be prohibitively expensive to come up with the test cases by hand. Another option is to use static analysis to generate the test inputs for char* values. However, it would still have to generate the inputs for the other values. We would also still have to specify whether each function allows open strings or can return open strings, so that the dynamic analysis knows whether to report a defect. Since we still have to write the specifications, this technique will not save developer time there.
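The specification and dynamic check described above, as an added example that is not part of the original guideline. It assumes "open string" means a character array with no null terminator within its bounds; `str_spec`, `copy_fn`, `count_defects` and the two copy functions are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical hand-written specification for one function under test. */
struct str_spec {
    int may_return_open;  /* nonzero: an unterminated result is allowed */
};

typedef void (*copy_fn)(char *dst, const char *src, size_t dst_size);

/* strncpy leaves dst unterminated when strlen(src) >= dst_size. */
void copy_strncpy(char *dst, const char *src, size_t n) {
    strncpy(dst, src, n);
}

/* Truncating copy that always writes a terminator. */
void copy_terminated(char *dst, const char *src, size_t n) {
    if (n == 0) return;
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
}

/* Assumed definition: open means no null byte inside the array bounds. */
int is_open(const char *buf, size_t size) {
    return memchr(buf, '\0', size) == NULL;
}

/* Feed fn generated sources of length 0..max_len and count results that
   the specification forbids. Returns -1 if the sizes do not fit. */
int count_defects(copy_fn fn, const struct str_spec *spec,
                  size_t dst_size, size_t max_len) {
    char src[64], dst[64];
    int defects = 0;
    if (dst_size == 0 || dst_size > sizeof dst || max_len >= sizeof src)
        return -1;
    for (size_t len = 0; len <= max_len; len++) {
        memset(src, 'A', len);        /* constructed input, always terminated */
        src[len] = '\0';
        memset(dst, 'X', sizeof dst); /* poison so stale zeros cannot hide an open result */
        fn(dst, src, dst_size);
        if (is_open(dst, dst_size) && !spec->may_return_open)
            defects++;
    }
    return defects;
}

int main(void) {
    struct str_spec closed_only = { 0 };
    printf("strncpy defects: %d\n", count_defects(copy_strncpy, &closed_only, 8, 12));
    return 0;
}
```

The same run is reported as clean once the specification permits open results, which is why the specification has to be written before the dynamic analysis can decide anything.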

...

[ISO/IEC 9899-1999:TC2] Section 7.1.1, "Definitions of terms," and Section 7.21, "String handling <string.h>"
[Seacord 05] Chapter 2, "Strings"
[ISO/IEC TR 24731-2006] Section 6.7.1.4, "The strncpy_s function"
[Schwarz 05]
[Viega 05] Section 5.2.14, "Miscalculated null termination"