...
Noncompliant Code Example
C99 (and C90) allow a pointer to be cast into and out of void *. As a result, it is possible to silently convert from one pointer type to another without the compiler diagnosing the problem by storing or casting a pointer to void * and then storing or casting it to the final type. In this noncompliant code example, the type checking system is circumvented due to the caveats of void pointers.
...
This example compiles without warning. However, v_pointer can be aligned on a one-byte boundary.
...
Noncompliant Code Example
Many architectures require that pointers are correctly aligned when accessing objects bigger than a byte. There are, however, many places in system code where you receive unaligned data (for example, the network stacks) that needs to be copied to a properly aligned memory location, such as in this noncompliant code example.
...
Unfortunately, the behavior is undefined when you assign an unaligned value to a pointer that points to a type that needs to be aligned. An implementation may notice, for example, that tmp and header must be aligned, so it could use an inlined memcpy() that uses instructions that assume aligned data.
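The following added example (not code from the original page) shows one way to copy a header out of an unaligned receive buffer without ever forming a misaligned struct pointer: the source stays an unsigned char pointer, so the compiler has no alignment to assume for the copy. The names struct pkt_header, is_aligned and read_header are hypothetical, and the buffer contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire header, used only for this example. */
struct pkt_header {
    uint32_t length;
    uint16_t type;
    uint16_t flags;
};

/* Returns 1 if p is a multiple of align (align must be a power of two). */
static int is_aligned(const void *p, size_t align) {
    return ((uintptr_t)p & (align - 1)) == 0;
}

/*
 * Copy a header from buf at byte offset off into a properly aligned object.
 * The source is handled only as unsigned char *, so no struct pkt_header
 * pointer is ever created from a possibly misaligned address.
 * Returns 0 on success, -1 if the header does not fit inside the buffer.
 */
static int read_header(const unsigned char *buf, size_t len, size_t off,
                       struct pkt_header *out) {
    if (off > len || len - off < sizeof *out)
        return -1;
    memcpy(out, buf + off, sizeof *out);
    return 0;
}

int main(void) {
    /* Constructed sample; the union forces the byte array to start on a
       boundary suitable for struct pkt_header, so b + 1 is misaligned. */
    union { struct pkt_header h; unsigned char b[16]; } rx = { { 0, 0, 0 } };
    struct pkt_header in = { 1500u, 0x0800u, 0x0001u }, out;

    memcpy(rx.b + 1, &in, sizeof in);
    /* Assumes uint32_t has 4-byte alignment, as on common ABIs. */
    printf("rx.b + 1 is 4-byte aligned: %d\n", is_aligned(rx.b + 1, 4));
    if (read_header(rx.b, sizeof rx.b, 1, &out) == 0)
        printf("length=%u type=0x%04x\n", (unsigned)out.length, (unsigned)out.type);
    return 0;
}
```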
...
Accessing a pointer or an object that is no longer on the correct access boundary can cause a program to crash or give wrong information, or it can cause slow pointer accesses (if the architecture allows misaligned accesses).
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: EXP36-CPP. Do not convert pointers into more strictly aligned pointer types
ISO/IEC 9899:1999 Section 6.2.5, "Types"
ISO/IEC TR 24772 "HFC Pointer casting and pointer type changes"
MISRA Rules 11.2 and 11.3
Bibliography
[Walfridsson 2003] Krister Walfridsson. Aliasing, pointer casts and gcc 3.3. http://mail-index.netbsd.org/tech-kern/2003/08/11/0001.html. August 2003.
[Bryant 2003]
[ISO/IEC 9899:1999] Section 6.2.5, "Types"
[ISO/IEC PDTR 24772] "HFC Pointer casting and pointer type changes"
[MISRA 2004] Rules 11.2 and 11.3
...