Automated Detection

| Tool                 | Version | Checker                                                | Description                                                                                                                                                        |
|----------------------|---------|--------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CodeSonar            |         | LANG.MEM.BO                                            | Buffer overrun                                                                                                                                                     |
|                      |         | LANG.MEM.TO                                            | Type overrun                                                                                                                                                       |
|                      |         | (general)                                              | CodeSonar's taint analysis includes handling for taint introduced through the environment                                                                         |
| Compass/ROSE         |         |                                                        | Can detect violations of this rule using the same method as STR31-C (Guarantee that storage for strings has sufficient space for character data and the null terminator) |
| Klocwork             |         | ABV.ANY_SIZE_ARRAY                                     |                                                                                                                                                                    |
|                      |         | ABV.GENERAL                                            |                                                                                                                                                                    |
|                      |         | ABV.ITERATOR                                           |                                                                                                                                                                    |
|                      |         | ABV.MEMBER                                             |                                                                                                                                                                    |
|                      |         | ABV.STACK                                              |                                                                                                                                                                    |
|                      |         | ABV.TAINTED                                            |                                                                                                                                                                    |
|                      |         | ABV.UNKNOWN_SIZE                                       |                                                                                                                                                                    |
|                      |         | ABV.UNICODE.BOUND_MAP                                  |                                                                                                                                                                    |
|                      |         | ABV.UNICODE.FAILED_MAP                                 |                                                                                                                                                                    |
|                      |         | ABV.UNICODE.NNTS_MAP                                   |                                                                                                                                                                    |
|                      |         | ABV.UNICODE.SELF_MAP                                   |                                                                                                                                                                    |
| Parasoft C/C++test   | 9.5     | SECURITY-07, SECURITY-12, BD-PB-OVERFWR                |                                                                                                                                                                    |
| Polyspace Bug Finder | R2016a  | Destination buffer overflow in string manipulation     | Function writes to buffer at offset greater than buffer size                                                                                                       |
|                      |         | Tainted NULL or non-null-terminated string             | Argument is from an unsecure source and may be NULL or not NULL-terminated                                                                                         |
|                      |         | Use of dangerous standard function                     | Dangerous functions cause possible buffer overflow in destination buffer                                                                                           |
