...

Tool            | Version       | Checker                                              | Description
----------------+---------------+------------------------------------------------------+-----------------------------------------------------------------------------------------------------------
CodeSonar       | (CodeSonar_V) | LANG.MEM.BO                                          | Buffer overrun
                |               | LANG.MEM.BU                                          | Buffer underrun
                |               | BADFUNC.BO.*                                         | A collection of warning classes that report uses of library functions prone to internal buffer overflows.
Compass/ROSE    |               |                                                      |
Coverity        | 6.5           | BUFFER_SIZE                                          | Fully implemented
Fortify SCA     | 5.0           |                                                      | Can detect violations of this rule with CERT C Rule Pack
Klocwork        | (Klocwork_V)  | ABR                                                  |
LDRA tool suite | (LDRA_V)      | 64 X, 66 X, 68 X, 69 X, 70 X, 71 X                   | Partially implemented
PRQA QA-C       | (PRQA QA-C_v) | 2845, 2846, 2847, 2848, 2849, 2930, 2932, 2933, 2934 | Fully implemented
Splint          | (Splint_V)    |                                                      |

Version entries in parentheses are included pages (CodeSonar_V, Klocwork_V, LDRA_V, PRQA QA-C_v, Splint_V) whose contents are not shown here.
...

C Secure Coding Standard | API00-C. Functions should validate their parameters
                         | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
                         | INT30-C. Ensure that unsigned integer operations do not wrap
ISO/IEC TS 17961:2013    | Forming invalid pointers by library functions [libptr]
ISO/IEC TR 24772:2013    | Buffer Boundary Violation (Buffer Overflow) [HCB]
                         | Unchecked Array Copying [XYW]
MITRE CWE                | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
                         | CWE-121, Stack-based Buffer Overflow
                         | CWE-123, Write-what-where Condition
                         | CWE-125, Out-of-bounds Read
                         | CWE-805, Buffer Access with Incorrect Length Value
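The defect the checkers and guidelines above have in common is a library call (here memcpy) whose length argument is not bounded against the destination, so the callee forms a pointer past the end of the buffer (CWE-805, [libptr]). The following is an added example, not code from the original page or from any of the tools listed: the `struct record` type, `REC_CAP`, the function names and the input bytes are all constructed for illustration. The checked version also shows the two related guidelines in practice: the capacity is taken with sizeof on the array member rather than on a pointer (ARR01-C), and the room check is written so the size_t arithmetic cannot wrap (INT30-C).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed destination for this example: a fixed-capacity buffer
 * with a write cursor. */
#define REC_CAP 32u
struct record {
    char   data[REC_CAP];
    size_t used;            /* bytes already written into data */
};

/* Noncompliant: len is trusted, so memcpy forms a pointer past the end of
 * data whenever used + len exceeds REC_CAP (CWE-119, CWE-805, [libptr]).
 * Shown only as the pattern the checkers above flag; never called here. */
void append_noncompliant(struct record *r, const char *src, size_t len) {
    memcpy(r->data + r->used, src, len);
    r->used += len;
}

/* Compliant: validate the length before calling the library function
 * (API00-C).
 *  - capacity comes from sizeof on the array member; sizeof(r) or
 *    sizeof(char *) would give the pointer size instead (ARR01-C);
 *  - the bound is tested as len > cap - used rather than used + len > cap,
 *    so the arithmetic cannot wrap (INT30-C); used <= cap is established
 *    first so the subtraction itself cannot wrap either. */
bool append_checked(struct record *r, const char *src, size_t len) {
    const size_t cap = sizeof r->data;   /* 32: the array's true capacity */
    if (r->used > cap) {
        return false;                    /* corrupted cursor: refuse to copy */
    }
    if (len > cap - r->used) {
        return false;                    /* not enough room: refuse to copy */
    }
    memcpy(r->data + r->used, src, len);
    r->used += len;
    return true;
}

/* Runs the checked version over constructed inputs and returns how many
 * of the four appends were accepted. */
size_t demo_appends(void) {
    struct record r = { {0}, 0 };
    static const char chunk[] = "0123456789abcdef01234567";  /* 24 payload bytes, constructed */
    size_t accepted = 0;
    accepted += append_checked(&r, chunk, 24);        /* 24 <= 32:      accepted */
    accepted += append_checked(&r, chunk, 8);         /* 8  <= 32 - 24: accepted, buffer now full */
    accepted += append_checked(&r, chunk, 1);         /* 1  >  0:       rejected */
    accepted += append_checked(&r, chunk, SIZE_MAX);  /* would wrap a used + len check: rejected */
    return accepted;
}

int main(void) {
    printf("accepted appends: %zu of 4\n", demo_appends());
    return 0;
}
```

The SIZE_MAX case is the one that separates the two ways of writing the bound: `used + len > cap` wraps to a small value and passes, while `len > cap - used` rejects it. Static checkers such as those in the table above report the noncompliant form because nothing relates `len` to the size of `data` before the call.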

...