SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 138

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 139

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ToolVersionCheckerDescription
Compass/ROSE  

Can detect some violations of this rule. In particular, it ensures that all calls to open() supply exactly two arguments if the second argument does not involve O_CREAT, and exactly three arguments if the second argument does involve O_CREAT

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.EXP37

Partially implemented

EDG   
Fortify SCA5.0  
GCC
Include Page
GCC_V
GCC_V
 

Can detect violation of this rule when the -Wstrict-prototypes flag is used. However, it cannot detect violations involving variadic functions, such as the open() example described earlier

LDRA tool suite

Include Page
LDRA_V
LDRA_V

41 D
98 S
170 S
496 S
576 S

Partially implemented
PRQA QA-C
Include Page
PRQA QA-C_Vv
PRQA QA-C_V
3001
0674(C)
v
1331,1332,1333,3002,3320,3335Partially implemented

Related Vulnerabilities

...

CERT C Secure Coding Standard

DCL07-C. Include the appropriate type information in function declarators
MSC00-C. Compile cleanly at high warning levels
FIO06-C. Create files with appropriate access permissions

CERT C++ Secure Coding StandardVOID EXP37-CPP. Call variadic functions with the arguments intended by the API
ISO/IEC TR 24772:2013Subprogram Signature Mismatch [OTR]
ISO/IEC TS 17961Calling functions with incorrect arguments [argcomp]
MISRA C:2012Rule 8.2 (required)
Rule 17.3 (mandatory)
MITRE CWE

CWE-628, Function Call with Incorrectly Specified Arguments
CWE-686, Function Call with Incorrect Argument Type

...