SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 115

changes.mady.by.user Jill Britton

Saved on

compared with

New Version 116

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added information about the LZO vulnerability

...

A Linux kernel vmsplice exploit, described by Rafal Wojtczuk [Wojtczuk 2008], documents a vulnerability and exploit arising from a buffer overflow (caused by unsigned integer wrapping).

Don Bailey [Bailey 2014] describes an unsigned integer overflow vulnerability in the LZO compression algorithm which can be exploited in some implementations.

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C Secure Coding Standard

INT02-C. Understand integer conversion rules
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
CON08-C. Do not assume that a group of calls to independently atomic methods is atomic

CERT C++ Secure Coding StandardVOID INT30-CPP. Ensure that unsigned integer operations do not wrap
ISO/IEC TR 24772:2013Arithmetic Wrap-around Error [FIF]
MITRE CWECWE-190, Integer Overflow or Wraparound

Bibliography

[Bailey 2014]Raising Lazarus - The 20 Year Old Bug that Went to Mars
[Dowd 2006]Chapter 6, "C Language Issues" ("Arithmetic Boundary Conditions," pp. 211–223)
[ISO/IEC 9899:2011]6.2.5, "Types"
[Seacord 2013b]Chapter 5, "Integer Security"
[Viega 2005]Section 5.2.7, "Integer Overflow"
[VU#551436] 
[Warren 2002]Chapter 2, "Basics"
[Wojtczuk 2008] 
[xorl 2009]"CVE-2009-1385: Linux Kernel E1000 Integer Underflow"

...