SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 117

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 118

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Don Bailey [Bailey 2014] describes an unsigned integer wrap vulnerability in the LZO compression algorithm which can be exploited in some implementations.

CVE-2014-4377 describes a vulnerability in iOS 7.1 resulting from a multiplication operation that wraps, producing an insufficiently small value to pass to a memory allocation routine, which is subsequently overflowed.

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C Secure Coding Standard

INT02-C. Understand integer conversion rules
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
CON08-C. Do not assume that a group of calls to independently atomic methods is atomic

CERT C++ Secure Coding StandardVOID INT30-CPP. Ensure that unsigned integer operations do not wrap
ISO/IEC TR 24772:2013Arithmetic Wrap-around Error [FIF]
MITRE CWECWE-190, Integer Overflow or Wraparound

...