...

The following noncompliant code demonstrates the perils of operating on data of incompatible types. An attempt is made to increment an integer type-cast to a floating-point type, and a floating-point value type-cast to an integer type.

...

The expected result is for both values to display as 1; however, on a 64-bit Linux machine, this program produces:

...

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP11-C | medium | probable | medium | P8 | L2 |

Automated Detection

Compass/ROSE can detect violations of this recommendation. Specifically, it reports violations if:

  • A pointer to one object is type cast to the pointer of a different object.
  • The pointed-to object of the (type cast) pointer is then modified arithmetically.
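
What the flagged pattern does to the stored value, as an added example (not code from the CERT standard): it reinterprets the bytes with `memcpy`, because performing the increment through a cast pointer is undefined behavior in C, and it assumes `float` is a 32-bit IEEE 754 value. All function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: float is IEEE 754 binary32, the same size as uint32_t. */
_Static_assert(sizeof(float) == sizeof(uint32_t), "float must be 32 bits");

/* Return the raw bit pattern of a float without aliasing it. */
uint32_t float_bits(float f) {
    uint32_t bits;
    memcpy(&bits, &f, sizeof bits);
    return bits;
}

/* Models "increment a float through an integer pointer":
 * the integer increment changes the lowest bit of the representation. */
float incr_float_as_int(float f) {
    uint32_t bits = float_bits(f);
    bits += 1;
    memcpy(&f, &bits, sizeof f);
    return f;
}

/* Models "increment an integer through a float pointer":
 * the float increment rewrites the whole representation. */
int32_t incr_int_as_float(int32_t i) {
    float f;
    memcpy(&f, &i, sizeof f);
    f += 1.0f;
    memcpy(&i, &f, sizeof i);
    return i;
}

/* Compliant form: apply the operator to the object's own type. */
float incr_float(float f) { return f + 1.0f; }
int32_t incr_int(int32_t i) { return i + 1; }

int main(void) {
    printf("float 0 incremented as int : %g\n", incr_float_as_int(0.0f));
    printf("int 0 incremented as float : %d\n", (int)incr_int_as_float(0));
    printf("compliant                  : %g %d\n",
           incr_float(0.0f), (int)incr_int(0));
    return 0;
}
```
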

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.

Related Guidelines

This recommendation appears in the C++ Secure Coding Standard as EXP11-CPP. Do not apply operators expecting one type to data of an incompatible type.

Bibliography

[ISO/IEC 9899:1999] Section 6.7.2, "Type specifiers"
[ISO/IEC PDTR 24772] "STR Bit Representations"
[MISRA 2004] Rule 3.5
[Plum 1985] Rule 6-5

...