...
long i = /* some expression that evaluates to the value 32767 */;
/* ... */
/* No test is necessary; i is known not to overflow. */
/* expression involving i + 1 */
Non-Compliant Code Example
Increasingly, optimization techniques are being adopted that ignore the possibility of integer overflow in order to produce faster code. For example, in gcc versions 4.2 and later, code that performs a length check similar to the following:
char *buf;
size_t len = 1 << 30;
/* ... */
if (buf + len < buf) { /* length check */
  /* handle integer overflow error */
}
is optimized away; no object code to perform the check will appear in the resulting executable program [VU#162289]. The comparison relies on the pointer arithmetic `buf + len` wrapping, which is undefined behavior, so the compiler is entitled to assume it never happens and to treat the condition as always false.
Compliant Solution
Test for the possibility of overflow without performing the operation (see INT32-C. Ensure that integer operations do not result in an overflow for more information). The check below uses only unsigned integer arithmetic that cannot wrap, so it involves no undefined behavior and the compiler has no grounds to remove it.
#include <stdint.h> /* SIZE_MAX, uintptr_t */

char *buf;
size_t len = 1 << 30;
/* ... */
/* SIZE_MAX - len cannot wrap because len <= SIZE_MAX. The cast is required
 * because C does not allow a pointer to be compared with an integer. */
if (SIZE_MAX - len < (uintptr_t)buf) { /* length check */
  /* handle integer overflow error */
}
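The following added example (written for this page, not CERT's own code) generalizes the compliant pattern: the overflow test is performed on unsigned integers before the addition, for both a pointer-plus-length check and a plain offset-plus-length bounds check. The function names `ptr_add_would_wrap`, `size_add_would_overflow`, `range_in_bounds` and `naive_range_in_bounds` are hypothetical, and the example assumes `uintptr_t` is at least as wide as `size_t`, which holds on mainstream platforms.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* True when adding len to the address held in buf would exceed SIZE_MAX.
 * Everything is computed on unsigned integers, so nothing here wraps or
 * invokes undefined behavior, and a conforming compiler cannot discard it.
 * Assumes (hypothetically) that uintptr_t is at least as wide as size_t. */
bool ptr_add_would_wrap(const char *buf, size_t len) {
    uintptr_t base = (uintptr_t)buf;
    return SIZE_MAX - len < base;
}

/* Same test for a pure size computation: would off + len exceed SIZE_MAX?
 * SIZE_MAX - len never wraps because len <= SIZE_MAX by construction. */
bool size_add_would_overflow(size_t off, size_t len) {
    return SIZE_MAX - len < off;
}

/* Bounds check that stays correct for hostile inputs: reject the case where
 * off + len would wrap before comparing the sum against the buffer size. */
bool range_in_bounds(size_t buf_size, size_t off, size_t len) {
    if (size_add_would_overflow(off, len)) {
        return false; /* off + len would wrap to a small value */
    }
    return off + len <= buf_size;
}

/* The pattern this page warns against: the sum is formed first. Unsigned
 * addition wraps silently, so a huge off with a small len passes the test. */
bool naive_range_in_bounds(size_t buf_size, size_t off, size_t len) {
    return off + len <= buf_size;
}

int main(void) {
    /* Constructed input: an offset that wraps when 2 is added to it. */
    size_t buf_size = 100, off = SIZE_MAX, len = 2;
    printf("naive check: %s\n",
           naive_range_in_bounds(buf_size, off, len) ? "accepted (wrong)" : "rejected");
    printf("safe check:  %s\n",
           range_in_bounds(buf_size, off, len) ? "accepted" : "rejected");
    return 0;
}
```

Run as-is, the naive check accepts the wrapped sum (SIZE_MAX + 2 wraps to 1, which is below 100) while the pre-checked version rejects it; the same pre-check is what the compliant solution applies to `buf` and `len`.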
Risk Assessment
Out-of-range integer values can result in fetches from or stores to arbitrary memory locations and in the execution of arbitrary code.
...
[Lions 96]
[VU#162289]
...