SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 49

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 50

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@

...

Code Block
bgColor#FFCCCC
char msg[100];
/* ... */
void report_error(char const char *error_msg) {
  char msg[80];
  /* ... */
  /* Assume error_msg isn't too long */
  strcpy(msg, error_msg);
  return;
}

int main(void) {
  /* ... */
  /* Ensure error_msg isn't too long */
  if (strlen(error_msg) >= sizeof( msg)) {
    error_msg[sizeof(msg) - 1] = '\0';
  }
  report_error(error_msg); /* oops! */
  /* ... */
}

...

Code Block
bgColor#ccccff
char system_msg[100];
/* ... */
void report_error(char const char *error_msg) {
  char default_msg[80];
  /* ... */
  /* Assume error_msg isn't too long */
  strcpy(system_msg, error_msg);
  return;
}
int main(void) {
  /* ... */
  /* Ensure error_msg isn't too long */
  if (strlen(error_msg) >= sizeof(system_msg)) {
    error_msg[sizeof(msg) - 1] = '\0';
  }
  report_error(error_msg); /* good */
 /* ... */
}

...

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

DCL01-A

1 ( low ) 1 (

unlikely )

2 ( medium )

P2

L3

Automated Detection

The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.

...