...

Use only signed char and unsigned char types for the storage and use of numeric values because this is the only portable way to guarantee the signedness of the character types. See "STR00-C. Represent characters using an appropriate type" for more information on representing characters.

...

This is a subtle error that results in a disturbingly broad range of potentially severe vulnerabilities. At the very least, this error can lead to unexpected numerical results on different platforms. Unexpected arithmetic values when applied to arrays or pointers can yield buffer overflows or other invalid memory access.
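The following C program is an added example, not part of the original page; its function names and sample bytes are constructed for illustration. It shows how the same byte gives a different array index and a different quotient depending on whether it is held in plain char or unsigned char.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define TABLE_SIZE (UCHAR_MAX + 1)   /* one slot per possible byte value */

/* Plain char: signedness is implementation-defined, so a byte >= 0x80
 * becomes a negative int wherever CHAR_MIN < 0. */
static int as_index_plain(char c) { return c; }
static int quotient_plain(int n, char c) { return n / c; }

/* Explicitly unsigned: the same byte is 0..UCHAR_MAX on every platform. */
static int as_index_unsigned(unsigned char c) { return c; }
static int quotient_unsigned(int n, unsigned char c) { return n / c; }

/* Build a byte histogram using unsigned char indices (always in bounds).
 * Returns how many bytes would have indexed outside hist[] had they been
 * read through plain char on this platform. */
static size_t count_bytes(const void *buf, size_t len, unsigned hist[TABLE_SIZE])
{
    const unsigned char *p = buf;
    size_t out_of_bounds = 0;

    for (size_t i = 0; i < len; i++) {
        hist[as_index_unsigned(p[i])]++;
        int idx = as_index_plain((char)p[i]);
        if (idx < 0 || idx >= TABLE_SIZE)
            out_of_bounds++;
    }
    return out_of_bounds;
}

int main(void)
{
    /* Constructed sample input: two ASCII bytes and two bytes >= 0x80. */
    static const unsigned char sample[] = { 'a', 0xE9, 0x80, 'z' };
    unsigned hist[TABLE_SIZE] = { 0 };

    printf("plain char is %s here\n", CHAR_MIN < 0 ? "signed" : "unsigned");
    printf("index of 0xE9: plain=%d unsigned=%d\n",
           as_index_plain((char)0xE9), as_index_unsigned(0xE9));
    printf("1000/200: plain=%d unsigned=%d\n",
           quotient_plain(1000, (char)200), quotient_unsigned(1000, 200));
    printf("bytes that would index out of bounds via plain char: %zu\n",
           count_bytes(sample, sizeof sample, hist));
    return 0;
}
```

Where plain char is signed, the plain-char index for 0xE9 is negative and the quotient changes sign; the unsigned char versions give the same result on every platform.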

...

| Tool | Version | Checker | Description |
|------|---------|---------|-------------|
| LDRA tool suite | | 93 S, 329 S, 432 S, 458 S | Fully implemented. |
| Fortify SCA | V. 5.0 | | Can detect violations of this recommendation with the CERT C Rule Pack. |
| Splint | | | |
| Compass/ROSE | | | Can detect violations of this recommendation. In particular, it flags any instance of a variable of type char (without a signed or unsigned qualifier) that appears in an arithmetic expression. |
| ECLAIR | | charplan | Fully implemented. |
| PRQA QA-C | | 3711, 3722, 3733, 3744, 3755, 3766, 3777, 3788, 3850, 3863, 3911, 3922, 3933, 3944, 3955, 3966, 3977, 3988, 4050, 4063 | Partially implemented |

Related Vulnerabilities

...

ISO/IEC 9899:2011 Section 6.2.5, "Types"

ISO/IEC TR 24772 "STR Bit representations"

MISRA Rule 6.2, "Signed and unsigned char type shall be used only for the storage and use of numeric values"

...