SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 85

changes.mady.by.user Ankur Goyal

Saved on

compared with

New Version 86

changes.mady.by.user Ankur Goyal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: fixed xorl reference

...

INT31-EX1: C99 defines minimum ranges for standard integer types. For example, the minimum range for an object of type unsigned short int is 0 to 65,535, while the minimum range for int is --32,767 to +32,767. This means that it is not always possible to represent all possible values of an unsigned short int as an int-. However, on the IA-32 architecture, for example, the actual integer range is from ---2,147,483,648 to +2,147,483,647, meaning that it is quite possible to represent all the values of an unsigned short int as an int for this architecture. As a result, it is not necessary to provide a test for this conversion on IA-32. It is not possible to make assumptions about conversions without knowing the precision of the underlying types. If these tests are not provided, assumptions concerning precision must be clearly documented, as the resulting code cannot be safely ported to a system where these assumptions are invalid. A good way to document these assumptions is by using static assertions (see DCL03-C. Use a static assertion to test the value of a constant expression).

...

Wiki Markup
[CVE-2009-1376|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1376] results from a violation of this rule. In version 2.5. An5 of Pidgin, an unsigned integer ({{offset}}) is set to the value of a 64-bit unsigned integer, which can lead to truncation \[[xorl 2009|AA. C References#xorl 2009-1376http://xorl.wordpress.com/2009/05/28/cve-2009-1376-pidgin-msn-slp-integer-truncation/]\]. An attacker can execute arbitrary code by carefully choosing this value and causing a buffer overflow.

...

Wiki Markup
\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 6, "C Language Issues" (Type Conversions, pp. 223-270)
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] 6.3, "Conversions"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "FLC Numeric Conversion Errors"
\[[MISRA 04|AA. C References#MISRA 04]\] Rules 10.1, 10.3, 10.5, and 12.9
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 192|http://cwe.mitre.org/data/definitions/192.html], "Integer Coercion Error," [CWE ID 197|http://cwe.mitre.org/data/definitions/197.html], "Numeric Truncation Error," and [CWE ID 681|http://cwe.mitre.org/data/definitions/681.html], "Incorrect Conversion between Numeric Types"
\[[Seacord 05a|AA. C References#Seacord 05]\] Chapter 5, "Integers"
\[[Viega 05|AA. C References#Viega 05]\] Section 5.2.9, "Truncation error," Section 5.2.10, "Sign extension error," Section 5.2.11, "Signed to unsigned conversion error," and Section 5.2.12, "Unsigned to signed conversion error"
\[[Warren 02|AA. C References#Warren 02]\] Chapter 2, "Basics"
\[[xorl 2009|AA. C References#xorl 2009]\] ["CVE-2009-1376: Pidgin MSN SLP Integer Truncation"|http://xorl.wordpress.com/2009/05/28/cve-1376]\2009-1376-pidgin-msn-slp-integer-truncation/]

...

      04. Integers (INT)