SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 34

changes.mady.by.user Melanie Thompson

Saved on

compared with

New Version 35

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
Many functions accept pointers as arguments. If the function dereferences an invalid pointer (as in guidelinerule [EXP34-C. Do not dereference null pointers]) or reads or writes to a pointer that does not refer to an object, the results are [undefined|BB. Definitions#undefined]. Typically, the program will terminate abnormally when an invalid pointer is dereferenced, but it is possible for an invalid pointer to be dereferenced, and its memory changed, without abnormal termination \[[Jack 2007|AA. Bibliography#Jack 07]\]. Such programs can be difficult to debug because of the difficulty in determining if a pointer is valid.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: MEM10-CPP. Define and use a pointer validation function

Bibliography

unmigrated-wiki-markup

\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.3.2.3, "Pointers"

MITRE CWE: CWE-20, "Insufficient Input Validation"

Bibliography

Wiki Markup
"
\[[Jack 2007|AA. Bibliography#Jack 07]\]
\[[MITRE 2007|AA. Bibliography#MITRE 07]\] [CWE ID 20|http://cwe.mitre.org/data/definitions/20.html], "Insufficient Input Validation"
\[[van Sprundel 2006|AA. Bibliography#van Sprundel 06]\]

...