SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 76

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 77

changes.mady.by.user Aaron Ballman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated the table content; added footnotes for functions which require some special reasoning.

...

Standard Library Functions

Following is an incomplete list are lists of C library functions to which this rule applies.

...

The following standard library functions take a pointer argument and a size argument, with the constraint that the pointer must point to a valid memory object of at least the number of bytes or wide characters (as appropriate) indicated by the size argument.

asctime_sctime_swcscpy_swcsncpywmemcpywmemmovewcscatwcsncatwcsnlen
fgets()freadfgetws()mbstowcs()*1fwritewcstombs()*1
mblenmbrtoc16()2memchrmbrtoc32()2memsetmbsrtowcs()1fgetwswcsrtombs()1
wmemchrmbtowc()2wmemsetmbrtowc()1mbrlenmblen()tmpnam_smbrlen()gets_s
memchr()getenv_swmemchr()memset_s()strerror_swmemset()strnlen_s
strftime()wcsftime()strxfrm()1wcsxfrm()1
strncat()2 wcsncat()2snprintf()vsnprintf()
swprintf()vswprintf()setvbuf()tmpnam_s()
snprintf_s()sprintf_s() vsnprintf_s()vsprintf_s()
gets_s() 

 

 

Library Functions That Take Two Pointers and an Integer

The following standard library functions take two pointer arguments and a size argument, with the constraint that both pointers must point to valid memory objects of at least the number of bytes or wide characters as appropriate, indicated by the size argument.

getenv_s()wctomb_s()mbstowcs_s()3
wcstombs_s()3memcpy_s()3memmove_s()3strncpy_s()3
strncat_s()3strtok_s()2strerror_s()strnlen_s()
asctime_s()ctime_s()snwprintf_s()swprintf_s()
vsnwprintf_s()vswprintf_s()wcsncpy_s()3wmemcpy_s()3
wmemmove_s()3wcsncat_s()3wcstok_s()2wcsnlen_s()
wcrtomb_s()mbsrtowcs_s()3wcsrtombs_s()3 

1 Take two pointers and an integer, but the integer only specifies the length of the output buffer. not the input buffer.
2 Takes two pointers and an integer, but the integer only specifies the length of the input buffer, not the output buffer.
3 Takes two pointers and two integers; each integer corresponds to the length of one of the pointers.

Library Functions That Take Two Pointers and an Integer

The following standard library functions take two pointer arguments and a size argument, with the constraint that both pointers must point to valid memory objects of at least the number of bytes or wide characters as appropriate, indicated by the size argument.

wcsrtombs
memcpy()wmemcpy()memmove()wmemmove()
strncpy()wcsncpy()memcmp()wmemcmp()
strncmp()wcsncmp()strcpy_s()wcscpy_s()
strcat_s()wcscat

mbtowc()

wctomb()

mbtowcs()

wcstombs()

memcpy()

memmove()

strncpy()

strncat()

memcmp()

strncmp()

strxfrm()

mbrtoc16()

mbrtoc32()

wcsncpy()

wmemcpy()

wmemmove()

wcsncat()

wcsncmp()

wcsxfrm()

wmemcmp()

mbrtowc()

wcrtomb()

mbsrtowcs()

wcsrtombs()

wctomb_s()

mbtowcs_s()

wcstombs_s()

memcpy_s()

memmove_s()

strcpy_s()

strncpy_s()

strcat_s()

strncat_s()

wcscpy_s()

wcsncpy_s()

wmemcpy_s()

wmemmove_s()

wcscat_s()

wcsncat_s()

wcrtomb_s()

mbsrtowcs_s()

_s()  

 Library Functions That Take a Pointer and Two Integers

The following standard library functions take a pointer argument and two size arguments, with the constraint that the pointer must point to a valid memory object containing at least as many bytes as the product of the two size arguments.

bsearch()qsort()bsearch_s()

qsort_s()

Standard Memory Allocation Functions

The following are the standard memory allocation functions that take a size integer argument and return a pointer.

aligned_alloc()

calloc()

malloc()

realloc()

Other Library Functions

memcpy()memmoveqsort()vsnprintfqsort_s()
vswprintffread()swprintffwrite()strftimememset_s()1

strxfrm()

snprintf()

 

*Both functions take more than one size_t argument. In such cases, the compliant code must be consistent with the purpose of these arguments. For example, in the case of fread():

Code Block
size_t fread(void *ptr, size_t size, size_t count, FILE *stream)

...

 

1 Takes a pointer and two size-related integers; the first size-related integer parameter specifies the size of the buffer, the second size-related integer parameter specifies the number of bytes to write within the buffer.

Standard Memory Allocation Functions

The following are the standard memory allocation functions that take a size integer argument and return a pointer.

aligned_alloc()

calloc() 

malloc()

realloc() 

Description

To guarantee that a library function does not construct an out-of-bounds pointer, programmers must heed the following rules when using functions that operate on pointed-to regions. These rules assume that func is a function, p and q are pointers, and n is an integer.

...

[ISO/IEC TS 17961]Programming Languages,Their Environments and System Software Interfaces

 

...