...

long i = /* some expression that evaluates to the value 32767 */;
/* ... */
/* No test is necessary; i is known not to overflow. */
/* expression involving i + 1 */

Non-Compliant Code Example

Increasingly, optimization techniques are being adopted that ignore the possibility of integer overflow in order to produce faster code. For example, in gcc versions 4.2 and later, code that performs length checks similar to the following:

char *buf;
int len = 1<<30;
/* ... */
if (buf+len < buf) { /* length check */
   /* perform some manipulation on len */
}

is optimized away: no object code to perform the check appears in the resulting executable program [VU#162289].
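The following added example (not code from the original page or from the CERT rule) contrasts the pointer-wrap check quoted above with a check performed on sizes. Forming `buf + len` with a `len` that points outside the object is undefined behavior, which is exactly what lets the compiler delete the comparison; comparing the requested length against the space actually remaining in the object never forms such a pointer, so there is nothing for the optimizer to discard. The names `length_check`, `bounded_append` and `demo`, the 16-byte buffer and the sample strings are all assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Non-compliant form quoted in the text, kept only for contrast:
 * buf + len may point outside the object, which is undefined behavior,
 * so the compiler may assume it cannot wrap and remove this test. */
bool length_check_noncompliant(const char *buf, int len) {
    return !(buf + len < buf);
}

/* Compliant form (added here): the test is done on sizes, not on
 * pointers. No out-of-range pointer is ever formed, so the compiler
 * has no undefined behavior to exploit and the check survives. */
bool length_check(size_t buf_size, size_t used, int len) {
    if (len < 0) {
        return false;                      /* a negative length is never valid */
    }
    if (used > buf_size) {
        return false;                      /* cursor already past the object */
    }
    return (size_t)len <= buf_size - used; /* subtraction cannot underflow here */
}

/* Append len bytes of src at buf[used], refusing any request that does
 * not fit. Returns the new 'used' count, or (size_t)-1 on rejection. */
size_t bounded_append(char *buf, size_t buf_size, size_t used,
                      const char *src, int len) {
    if (!length_check(buf_size, used, len)) {
        return (size_t)-1;
    }
    memcpy(buf + used, src, (size_t)len);
    return used + (size_t)len;
}

/* Constructed driver: a 16-byte buffer, a small valid append, then the
 * 1<<30 length from the page, which must be rejected. Returns 0 on success. */
int demo(void) {
    char buf[16];
    size_t used = 0;
    used = bounded_append(buf, sizeof buf, used, "hello", 5);
    if (used == (size_t)-1) {
        return 1;                          /* valid append was wrongly refused */
    }
    if (bounded_append(buf, sizeof buf, used, "x", 1 << 30) != (size_t)-1) {
        return 2;                          /* oversized append was wrongly accepted */
    }
    return 0;
}
```

Because `length_check` never touches the pointer, it behaves identically at every optimization level; the non-compliant variant only appears to work until the compiler is permitted to reason about the wrap.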

Risk Assessment

Out-of-range integer values can result in fetches or stores from arbitrary memory locations and the execution of arbitrary code.

...

[Lions 96]
[VU#162289]

...
