SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 49

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 50

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info
titleGenerated Content

This page is automatically generated from the "Automated Detection" sections in the individual guidelines. Do not modify this page directly.

Version number:
unknown

Checker

Guideline

C checkers

Guideline

 

ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array

 

ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer

 

ARR30-C. Do not form or use out-of-bounds pointers or array subscripts

 

ARR37-C. Do not add or subtract an integer to a pointer to a non-array object

 

ARR38-C. Guarantee that library functions do not form invalid pointers

 

CON33-C. Avoid race conditions when using library functions

 

DCL00-C. Const-qualify immutable objects 
DCL01-C. Do not reuse variable names in subscopes

 

DCL02-C. Use visually distinct identifiers

 

DCL03-C. Use a static assertion to test the value of a constant expression 
DCL05-C. Use typedefs of non-pointer types only 
DCL06-C. Use meaningful symbolic constants to represent literal values 
DCL11-C. Understand the type issues associated with variadic functions 
DCL13-C. Declare function parameters that are pointers to values not changed by the function as const

 

DCL23-C. Guarantee that mutually visible identifiers are unique

 
DCL30-C. Declare objects with appropriate storage durations 
DCL31-C. Declare identifiers before using them 
DCL23-C. Guarantee that mutually visible identifiers are unique
DCL37-C. Do not declare or define a reserved identifier 
DCL38-C. Use the correct syntax when declaring a flexible array member 

ENV01-C. Do not make assumptions about the size of an environment variable

 

ENV02-C. Beware of multiple environment variables with the same effective name

 

ENV30-C. Do not modify the object referenced by the return value of certain functions

 

ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it

 

ENV32-C. All exit handlers must return normally

 

ENV33-C. Do not call system()

 

ENV34-C. Do not store pointers returned by certain functions

 

ERR05-C. Application-independent code should provide error detection without dictating error handling

 

ERR06-C. Understand the termination behavior of assert() and abort()

 

ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure

 

ERR32-C. Do not rely on indeterminate values of errno

 

ERR33-C. Detect and handle standard library errors

 

EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators 
EXP05-C. Do not cast away a const qualification 
EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
EXP09-C. Use sizeof to determine the size of a type or variable 
EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place 
EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields 
EXP12-C. Do not ignore values returned by functions 

EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int

 

EXP30-C. Do not depend on the order of evaluation for side effects

 

EXP32-C. Do not access a volatile object through a nonvolatile reference 
EXP33-C. Do not read uninitialized memory 
EXP34-C. Do not dereference null pointers 
EXP36-C. Do not cast pointers into more strictly aligned pointer types 
EXP37-C. Call functions with the correct number and type of arguments

 

EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic

 
EXP45-C. Do not perform assignments in selection statements

 

FIO01-C. Be careful using functions that use file names for identification

 

FIO02-C. Canonicalize path names originating from tainted sources

 

FIO05-C. Identify files using multiple file attributes

 

FIO08-C. Take care when calling remove() on an open file

 

FIO09-C. Be careful with binary data when transferring data across systems

 

FIO11-C. Take care when specifying the mode parameter of fopen()

 

FIO13-C. Never push back anything other than one read character

 

FIO21-C. Do not create temporary files in shared directories

 

FIO22-C. Close files before spawning processes

 

FIO30-C. Exclude user input from format strings

 

FIO32-C. Do not perform operations on devices that are only appropriate for files

 

FIO34-C. Distinguish between characters read from a file and EOF or WEOF

 

FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful

 

FIO38-C. Do not copy a FILE object

 

FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call

 

FIO42-C. Close files when they are no longer needed

 

FIO44-C. Only use values for fsetpos() that are returned from fgetpos()

 

FIO46-C. Do not access a closed file

 

FLP02-C. Avoid using floating-point numbers when precise computation is needed

 

FLP03-C. Detect and handle floating-point errors

 

FLP06-C. Convert integers to floating point for floating-point operations

 

FLP30-C. Do not use floating-point variables as loop counters

 

FLP34-C. Ensure that floating-point conversions are within range of the new type

EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int

 

INT01-C. Use rsize_t or size_t for all integer values representing the size of an object 
INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs 
INT06-C. Use strtol() or a related function to convert a string token to an integer

 

INT07-C. Use only explicitly signed or unsigned char type for numeric values 
INT08-C. Verify that all integer values are in range

 

INT09-C. Ensure enumeration constants map to unique values 
INT10-C. Do not assume a positive remainder when using the % operator 
INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression 
INT13-C. Use bitwise operators only on unsigned operands 
INT14-C. Avoid performing bitwise and arithmetic operations on the same data 
INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types 
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size 
INT30-C. Ensure that unsigned integer operations do not wrap 
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data 
INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors 
INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand 
INT36-C. Converting a pointer to integer or integer to pointer
FLP02-C. Avoid using floating-point numbers when precise computation is needed
FLP03-C. Detect and handle floating-point errors
FLP30-C. Do not use floating-point variables as loop counters
FLP06-C. Convert integers to floating point for floating-point operations
FLP34-C. Ensure that floating-point conversions are within range of the new type
ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
ARR38-C. Guarantee that library functions do not form invalid pointers
STR03-C. Do not inadvertently truncate a string
STR04-C. Use plain char for characters in the basic character set
STR05-C. Use pointers to const when referring to string literals
STR06-C. Do not assume that strtok() leaves the parse string unchanged
STR30-C. Do not attempt to modify string literals
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
STR34-C. Cast characters to unsigned char before converting to larger integer sizes
STR11-C. Do not specify the bound of a character array initialized with a string literal
STR37-C. Arguments to character-handling functions must be representable as an unsigned char 
MEM00-C. Allocate and free memory in the same module, at the same level of abstraction 
MEM01-C. Store a new value in pointers immediately after free() 
MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type 
MEM03-C. Clear sensitive information stored in reusable resources

 

MEM04-C. Beware of zero-length allocations 
MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap 
MEM30-C. Do not access freed memory 
MEM31-C. Free dynamically allocated memory when no longer needed
MEM33-C. Allocate and copy structures containing a flexible array member dynamically 
MEM34-C. Only free memory allocated dynamically 
MEM35-C. Allocate sufficient memory for an object

 

MSC01FIO01-C. Strive for logical completeness

 

MSC05-C. Do not manipulate time_t typed values directly

 

MSC17-C. Finish every set of statements associated with a case label with a break statement

 

MSC21-C. Use robust loop termination conditions

 

MSC30-C. Do not use the rand() function for generating pseudorandom numbers

 

POS01-C. Check for the existence of links when dealing with files

 

POS30-C. Use the readlink() function properly

 

POS33-C. Do not use vfork()

 

POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument

 

POS35-C. Avoid race conditions while checking for the existence of a symbolic link

 

POS36-C. Observe correct revocation order while relinquishing privileges

 

POS54-C. Detect and handle POSIX library errors

Be careful using functions that use file names for identification
FIO02-C. Canonicalize path names originating from tainted sources
FIO05-C. Identify files using multiple file attributes
FIO08-C. Take care when calling remove() on an open file
FIO09-C. Be careful with binary data when transferring data across systems
FIO11-C. Take care when specifying the mode parameter of fopen()
FIO13-C. Never push back anything other than one read character
FIO21-C. Do not create temporary files in shared directories
FIO22-C. Close files before spawning processes
FIO30-C. Exclude user input from format strings
FIO32-C. Do not perform operations on devices that are only appropriate for files
FIO34-C. Distinguish between characters read from a file and EOF or WEOF
FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful
FIO38-C. Do not copy a FILE object
FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
FIO42-C. Close files when they are no longer needed
FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
FIO46-C. Do not access a closed file
ENV01-C. Do not make assumptions about the size of an environment variable
ENV02-C. Beware of multiple environment variables with the same effective name
ENV30-C. Do not modify the object referenced by the return value of certain functions
ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
ENV32-C. All exit handlers must return normally
ENV33-C. Do not call system()
ENV34-C. Do not store pointers returned by certain functions 
SIG01-C. Understand implementation-specific details regarding signal handler persistence 
SIG30-C. Call only asynchronous-safe functions within signal handlers 
SIG31-C. Do not access shared objects in signal handlers 
SIG34-C. Do not call signal() from within interruptible signal handlers
ERR05-C. Application-independent code should provide error detection without dictating error handling
ERR06-C. Understand the termination behavior of assert() and abort()
ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure
ERR32

 

STR03-C. Do not inadvertently truncate a string

 

STR04-C. Use plain char for characters in the basic character set

 

STR05-C. Use pointers to const when referring to string literals

 

STR06-C. Do not assume that strtok() leaves the parse string unchanged

 

STR11-C. Do not specify the bound of a character array initialized with a string literal

 

STR30-C. Do not attempt to modify string literals

 

STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator

 

STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string

 

STR34-C. Cast characters to unsigned char before converting to larger integer sizes

rely on indeterminate values of errno
ERR33-C. Detect and handle standard library errors
CON33-C. Avoid race conditions when using library functions
MSC21-C. Use robust loop termination conditions
MSC01-C. Strive for logical completeness
MSC05-C. Do not manipulate time_t typed values directly
MSC17-C. Finish every set of statements associated with a case label with a break statement
MSC30-C. Do not use the rand() function for generating pseudorandom numbers
POS01-C. Check for the existence of links when dealing with files
POS30-C. Use the readlink() function properly
POS33-C. Do not use vfork()
POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
POS36-C. Observe correct revocation order while relinquishing privileges
POS35-C. Avoid race conditions while checking for the existence of a symbolic link
POS54-C. Detect and handle POSIX library errors

 

 STR37-C. Arguments to character-handling functions must be representable as an unsigned char