SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 153

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 154

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.SIZE.TRUNC

LANG.CAST.COERCE

LANG.CAST.VALUE

MISC.MEM.SIZE.TRUNC

Truncation of Allocation Size

Coercion Alters Value

Cast Alters Value

Truncation of Size

Compass/ROSE

  

Can detect violations of this rule. However, false warnings may be raised if limits.h is included

Coverity*

Include Page
Coverity_V
Coverity_V

NEGATIVE_RETURNS


REVERSE_NEGATIVE


MISRA_CAST

Can find array accesses, loop bounds, and other expressions that may contain dangerous implied integer conversions that would result in unexpected behavior

Can find instances where a negativity check occurs after the negative value has been used for something else

Can find instances where an integer expression is implicitly converted to a narrower integer type, where the signedness of an integer value is implicitly converted, or where the type of a complex expression is implicitly converted

 Cppcheck 
Include Page
Cppcheck_V
Cppcheck_V
 memsetValueOutOfRangeThe 2nd argument to memset() cannot be represented as unsigned char.

Fortify SCA

5.0

 

Can detect violations of this rule with CERT C Rule Pack

Klocwork

Include Page
Klocwork_V
Klocwork_V

PRECISION.LOSS

 

LDRA tool suite

Include Page
LDRA_V
LDRA_V

93 S
433 S
434 S

Fully implemented
PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v

2850,2851,2852,2853,2900,2901,2902,2903,

2905,2906,2907,2908, 2855, 2856, 2857, 2858,

2890, 2891, 2892, 2893, 2895, 2896, 2897, 2898

Partially implemented SonarQube
Include Page
PRQA SonarQube_vPRQA SonarQube_v c-cppcheck:memsetValueOutOfRange The 2nd argument to memset() cannot be represented as unsigned char.

* Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.

...

CERT C Secure Coding StandardDCL03-C. Use a static assertion to test the value of a constant expression
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
CERT C++ Secure Coding StandardVOID INT31-CPP. Ensure that integer conversions do not result in lost or misinterpreted data
CERT Oracle Secure Coding Standard for JavaNUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
ISO/IEC TR 24772:2013Numeric Conversion Errors [FLC]
MISRA C:2012

Rule 10.1 (required)
Rule 10.3 (required)
Rule 10.4 (required)
Rule 10.6 (required)
Rule 10.7 (required)

MITRE CWECWE-192, Integer Coercion Error
CWE-197, Numeric Truncation Error
CWE-681, Incorrect Conversion between Numeric Types

...

[Dowd 2006]Chapter 6, "C Language Issues" ("Type Conversions," pp. 223–270)
[ISO/IEC 9899:2011]6.3.1.3, "Signed and Unsigned Integers"
[Jones 2008]Section 6.2.6.2, "Integer Types"
[Seacord 2013b]Chapter 5, "Integer Security"
[Viega 2005]Section 5.2.9, "Truncation Error"
Section 5.2.10, "Sign Extension Error"
Section 5.2.11, "Signed to Unsigned Conversion Error"
Section 5.2.12, "Unsigned to Signed Conversion Error"
[Warren 2002]Chapter 2, "Basics"
[xorl 2009]"CVE-2009-1376: Pidgin MSN SLP Integer Truncation"

 

...