Comment: Tool page update by script updateToolInfo
Generated Content

This page is automatically generated from the "Automated Detection" sections in the individual guidelines. Do not modify this page directly.

Version number

V. 9.1

| C checkers | CERT C Secure Coding Standard |
| --- | --- |
| UFM.DEREF.MUST | MEM30-C. Do not access freed memory |
| UNINIT.STACK.ARRAY.PARTIAL.MUST | EXP33-C. Do not reference uninitialized memory |
| SV.TAINTED.LOOP_BOUND | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
| FUM.GEN.MIGHT | MEM34-C. Only free memory allocated dynamically |
| SV.STRBO.GETS | STR35-C. Do not copy data from an unbounded source to a fixed-length array |
| SV.RVT.RETVAL_NOTTESTED | EXP12-C. Do not ignore values returned by functions |
| SV.FMTSTR.GENERIC | FIO30-C. Exclude user input from format strings |
| UFM.RETURN.MUST | MEM30-C. Do not access freed memory |
| UNINIT.STACK.ARRAY.MUST | EXP33-C. Do not reference uninitialized memory |
| IF_DUPL_HEADER | PRE08-C. Guarantee that header file names are unique |
| UFM.FFM | MEM31-C. Free dynamically allocated memory exactly once |
| LOCRET.* | DCL30-C. Declare objects with appropriate storage durations |
| ASSIGCOND.GEN | MSC02-C. Avoid errors of omission |
| ASSIGCOND.CALL | MSC02-C. Avoid errors of omission |
| UNINIT.STACK.ARRAY.MIGHT | EXP33-C. Do not reference uninitialized memory |
| SV.CUDS.MISSING_ABSOLUTE_PATH | FIO02-C. Canonicalize path names originating from untrusted sources |
| UFM.USE.MIGHT | MEM30-C. Do not access freed memory |
| FNH.MIGHT | MEM34-C. Only free memory allocated dynamically |
| PRECISION.LOSS | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| ABV.ITERATOR | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
| SV.FIU.PERMISSIONS | POS37-C. Ensure that privilege relinquishment is successful |
| IF_MULTI_KIND | DCL01-C. Do not reuse variable names in subscopes |
| UFM.RETURN.MIGHT | MEM30-C. Do not access freed memory |
| NPD.* RNPD. | EXP34-C. Do not dereference null pointers |
| LV_UNUSED.GEN | MSC07-C. Detect and remove dead code |
| SV.FMT_STR.BAD_SCAN_FORMAT | STR33-C. Size wide character strings correctly |
| ASSIGCOND.BOOL | MSC02-C. Avoid errors of omission |
| SV.USAGERULES.PERMISSIONS | POS37-C. Ensure that privilege relinquishment is successful |
| SV.TAINTED.INJECTION | STR02-C. Sanitize data passed to complex subsystems |
| MLK | MEM31-C. Free dynamically allocated memory exactly once |
| UNINIT.HEAP.MUST | EXP33-C. Do not reference uninitialized memory |
| EFFECT | MSC12-C. Detect and remove code that has no effect |
| SV.USAGERULES.PROCESS_VARIANTS | POS33-C. Do not use vfork() |
| IF_MULTI_DECL | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
| ABR | ARR33-C. Guarantee that copies are made into storage of sufficient size |
| IF_MULTI_DEF | DCL01-C. Do not reuse variable names in subscopes |
| NNTS.TAINTED | STR35-C. Do not copy data from an unbounded source to a fixed-length array |
| UNINIT.HEAP.MIGHT | EXP33-C. Do not reference uninitialized memory |
| IF_DEF_IN_HEADER_DECL | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
| SV.USAGERULES.UNBOUNDED_STRING_COPY | STR35-C. Do not copy data from an unbounded source to a fixed-length array |
| FUM.GEN.MUST | MEM34-C. Only free memory allocated dynamically |
| UFM.USE.MUST | MEM30-C. Do not access freed memory |
| SV.TAINTED.FMTSTR | FIO30-C. Exclude user input from format strings |
| SV.TOCTOU.FILE_ACCESS | FIO01-C. Be careful using functions that use file names for identification |
| UFM.DEREF.MIGHT | MEM30-C. Do not access freed memory |
| FNH.MUST | MEM34-C. Only free memory allocated dynamically |
| SEMICOL | MSC03-C. Avoid errors of addition |
| SV.CODE_INJECTION.SHELL_EXEC | ENV04-C. Do not call system() if you do not need a command processor |
| LA_UNUSED | MSC01-C. Strive for logical completeness |
| VA_UNUSED.* | MSC07-C. Detect and remove dead code |
| RETVOID.IMPLICIT | DCL31-C. Declare identifiers before using them |
| UNINIT.STACK.MUST | EXP33-C. Do not reference uninitialized memory |
| INCORRECT.ALLOC_SIZE | EXP01-C. Do not take the size of a pointer to determine the size of the pointed-to type |
| RH.LEAK | FIO42-C. Ensure files are properly closed when they are no longer needed |
| UNREACH.* | MSC07-C. Detect and remove dead code |
| IF_MISS_DECL | DCL31-C. Declare identifiers before using them |
| SV.USAGERULES.UNINTENDED_COPY | MEM03-C. Clear sensitive information stored in reusable resources |
| NNTS | STR32-C. Null-terminate byte strings as required |