SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 188

changes.mady.by.user Lisa Robertson

Saved on

compared with

New Version 189

changes.mady.by.user Lisa Robertson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

 
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.MEM.BO
LANG.MEM.TO
MISC.MEM.NTERM
BADFUNC.BO.*

Buffer overrun
Type overrun
No space for null terminator
A collection of warning classes that report uses of library functions prone to internal buffer overflows

 

Compass/ROSE

 

 

Can detect violations of the rule. However, it is unable to handle cases involving strcpy_s() or manual string copies such as the one in the first example

 
Coverity6.5

STRING_OVERFLOW
STRING_SIZE
SECURE_CODING

Fully implemented

 

Fortify SCA

5.0

 

 

 

Klocwork

Include Page
Klocwork_V
Klocwork_V

NNTS.MIGHT
NNTS.MUST
SV.STRBO.BOUND_COPY.OVERFLOW
SV.STRBO.BOUND_COPY.UNTERM
SV.STRBO.BOUND_SPRINTF
SV.STRBO.UNBOUND_COPY
SV.STRBO.UNBOUND_SPRINTF

 

 

LDRA tool suite

Include Page
LDRA_V
LDRA_V

489 S, 109 D, 66 X, 70 X, 71 X

Partially implemented

 
Parasoft C/C++test9.5BD-PB-OVERFWR,SECURITY-12  
Polyspace Bug FinderR2016a Guarantee that storage for strings has sufficient space for character data and null terminator 

Splint

Include Page
Splint_V
Splint_V

 

 

 
PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v
warncall for 'gets'Partially implemented 

...