SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 9

changes.mady.by.user Astha Singhal

Saved on

compared with

New Version 10

changes.mady.by.user Astha Singhal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0
Info
titleGenerated Content

This page is automatically generated from the "Automated Detection" sections in the individual guidelines. Do not modify this page directly.

Info
titleVersion number

V. 9.1

C checkers

CERT C Secure Coding Standard

ABR

ARR33-C. Guarantee that copies are made into storage of sufficient size

ABV.ITERATOR

ARR30-C. Do not form or use out of bounds pointers or array subscripts

ASSIGCOND.BOOL

MSC02-C. Avoid errors of omission

ASSIGCOND.CALL

EXP18-C. Do not perform assignments in selection statements

ASSIGCOND.CALL

MSC02-C. Avoid errors of omission

ASSIGCOND.GEN

EXP18-C. Do not perform assignments in selection statements

ASSIGCOND.GEN

MSC02-C. Avoid errors of omission

EFFECT

EXP16-C. Do not compare function pointers to constant values

EFFECT

MSC02-C. Avoid errors of omission

EFFECT

MSC12-C. Detect and remove code that has no effect

FNH.MIGHT

MEM34-C. Only free memory allocated dynamically

FNH.MUST

MEM34-C. Only free memory allocated dynamically

FUM.GEN.MIGHT

MEM34-C. Only free memory allocated dynamically

FUM.GEN.MUST

MEM34-C. Only free memory allocated dynamically

IF_DEF_IN_HEADER_DECL

DCL36-C. Do not declare an identifier with conflicting linkage classifications

IF_DUPL_HEADER

PRE08-C. Guarantee that header file names are unique

IF_MISS_DECL

DCL31-C. Declare identifiers before using them

IF_MULTI_DECL

DCL01-C. Do not reuse variable names in subscopes

IF_MULTI_DECL

DCL36-C. Do not declare an identifier with conflicting linkage classifications

IF_MULTI_DEF

DCL01-C. Do not reuse variable names in subscopes

IF_MULTI_KIND

DCL01-C. Do not reuse variable names in subscopes

INCORRECT.ALLOC_SIZE

EXP01-C. Do not take the size of a pointer to determine the size of the pointed-to type

LA_UNUSED

MSC01-C. Strive for logical completeness

LOCRET.*

DCL30-C. Declare objects with appropriate storage durations

LV_UNUSED.GEN

MSC07-C. Detect and remove dead code

MLK

MEM31-C. Free dynamically allocated memory exactly once

NNTS

STR03-C. Do not inadvertently truncate a null-terminated byte string

NNTS

STR32-C. Null-terminate byte strings as required

NNTS.TAINTED

STR02-C. Sanitize data passed to complex subsystems

NNTS.TAINTED

STR35-C. Do not copy data from an unbounded source to a fixed-length array

NPD.* RNPD.

EXP34-C. Do not dereference null pointers

PRECISION.LOSS

INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data

RETVOID.IMPLICIT

DCL31-C. Declare identifiers before using them

RH.LEAK

FIO42-C. Ensure files are properly closed when they are no longer needed

SEMICOL

EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement

SV.CODE_INJECTION.SHELL_EXEC

ENV04-C. Do not call system() if you do not need a command processor

SV.CUDS.MISSING_ABSOLUTE_PATH

FIO02-C. Canonicalize path names originating from untrusted sources

SV.FIU.PERMISSIONS

POS36-C. Observe correct revocation order while relinquishing privileges

SV.FIU.PERMISSIONS

POS37-C. Ensure that privilege relinquishment is successful

SV.FMT_STR.BAD_SCAN_FORMAT

STR33-C. Size wide character strings correctly

SV.FMT_STR.

FIO00-C. Take care when creating format strings

SV.FMTSTR.GENERIC

FIO30-C. Exclude user input from format strings

SV.RVT.RETVAL_NOTTESTED

EXP12-C. Do not ignore values returned by functions

SV.STRBO.GETS

STR35-C. Do not copy data from an unbounded source to a fixed-length array

SV.TAINTED.FMTSTR

FIO30-C. Exclude user input from format strings

SV.TAINTED.INJECTION

ENV04-C. Do not call system() if you do not need a command processor

SV.TAINTED.INJECTION

STR02-C. Sanitize data passed to complex subsystems

SV.TAINTED.LOOP_BOUND

ARR30-C. Do not form or use out of bounds pointers or array subscripts

SV.TOCTOU.FILE_ACCESS

FIO01-C. Be careful using functions that use file names for identification

SV.USAGERULES.PERMISSIONS

POS36-C. Observe correct revocation order while relinquishing privileges

SV.USAGERULES.PERMISSIONS

POS37-C. Ensure that privilege relinquishment is successful

SV.USAGERULES.PROCESS_VARIANTS

POS33-C. Do not use vfork()

SV.USAGERULES.UNBOUNDED_STRING_COPY

STR35-C. Do not copy data from an unbounded source to a fixed-length array

SV.USAGERULES.UNINTENDED_COPY

MEM03-C. Clear sensitive information stored in reusable resources

UFM.DEREF.MIGHT

MEM30-C. Do not access freed memory

UFM.DEREF.MUST

MEM30-C. Do not access freed memory

UFM.FFM

MEM31-C. Free dynamically allocated memory exactly once

UFM.RETURN.MIGHT

MEM30-C. Do not access freed memory

UFM.RETURN.MUST

MEM30-C. Do not access freed memory

UFM.USE.MIGHT

MEM30-C. Do not access freed memory

UFM.USE.MUST

MEM30-C. Do not access freed memory

UNINIT.HEAP.MIGHT

EXP33-C. Do not reference uninitialized memory

UNINIT.HEAP.MUST

EXP33-C. Do not reference uninitialized memory

UNINIT.STACK.ARRAY.MIGHT

EXP33-C. Do not reference uninitialized memory

UNINIT.STACK.ARRAY.MUST

EXP33-C. Do not reference uninitialized memory

UNINIT.STACK.ARRAY.PARTIAL.MUST

EXP33-C. Do not reference uninitialized memory

UNINIT.STACK.MUST

EXP33-C. Do not reference uninitialized memory

UNREACH.*

MSC07-C. Detect and remove dead code

VA_UNUSED.*

MSC07-C. Detect and remove dead code