SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 34

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 35

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@

...

Code Block
bgColor#FFCCCC
#include <stdio.h>
#include <string.h>

char *(*fp) ();

int main(void) {
  char *c;
  fp = strchr;
  c = fp(12, 2);
  printf("%s\n", c);

}

Wiki Markup
Note that this example violates recommendation \[[DCL35-C. Do not convert a function pointer to a function of an incompatible type]\].

...

Code Block
bgColor#ccccff
#include <string.h>

char *(*fp) (char const char *, int);

int main(void) {
  char *c;
  fp = strchr;
  c = fp("Hello",'H');
  printf("%s\n", c);

}

Non-Compliant Code Example: (variadic functions)

Wiki Markup
The POSIX function {{open()}} \[[Open Group 04|AA. C References#Open Group 04]\] is a variadic function with the following prototype:

Code Block
int open(char const char *path, int oflag, ... );

Wiki Markup
The {{open()}} function accepts a third argument to determine a newly created file's access mode. If {{open()}} is used to create a new file and the third argument is omitted, the file may be created with unintended access permissions \[[FIO06-A. Create files with appropriate access permissions]\].

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Forward, Section 6.9.1, "Function definitions"
\[[Spinellis 06|AA. C References#Spinellis 06]\] Section 2.6.1, "Incorrect Routine or Arguments"