SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 59

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 60

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this scenario, test_ptr() will return false when it should return true. The result of p_max - p_current is a ptrdiff_t with a mathematical value of INT_MAX + 10. However, on a 64-bit platform, if int is still 32 bits, then when p_max - p_current is stored into an int, the result will be a negative value of INT_MIN + 9. Now subscript_diff is less than elem_count and the comparison will fail.

Compliant Solution

...

In this compliant solution, we declare subscript_diff to be a ptrdiff_t:

...

bgColor#ffcccc
langc

...

(

...

On the 64-bit scenario, this code correctly returns true.

Compliant Solution (extended types)

In this compliant solution, we declare subscript_diff to be a intmax_t, which is, by definition, large enough to contain the difference between two pointers:

...

CERT C++ Secure Coding StandardINT15-CPP. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types
MITRE CWECWE-681, Incorrect conversion between numeric types

Bibliography

Dan Saks. Standard C's pointer difference type.
10/18/2007

http://www.eetimes.com/design/signal-processing-dsp/4007211/Standard-C-s-pointer-difference-typehttp://embedded-systems.com/columns/technicalinsights/202404371

Ptrdiff_t is evil
david_leblanc
2 Sep 2008 http://blogs.msdn.com/b/david_leblanc/archive/2008/09/02/ptrdiff-t-is-evil.aspx 

...