SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 88

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 89

changes.mady.by.user Pranjal Jumde

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: merged DCL35-C

An application programming interface (API) specifies how a function is intended to be called. Calling a function with incorrect arguments can result in unexpected or unintended program behavior. Functions that are appropriately declared (as in DCL07-C. Include the appropriate type information in function declarators) will typically fail compilation if they are supplied with the wrong number or types of arguments. However, there are cases where supplying the incorrect arguments to a function will at best generate compiler warnings. These warnings should be resolved but do not prevent program compilation.(See MSC00-C. Compile cleanly at high warning levels.)

C identifies four distinct situations in which undefined behavior may arise as a result of invoking a function using a declaration that is incompatible with its definition or with incorrect types or numbers of arguments:

26

A pointer is used to call a function whose type is not compatible with the pointed-to type (6.3.2.3).

38

For a call to a function without a function prototype in scope, the number of arguments does not equal the number of parameters (6.5.2.2).

39

For call to a function without a function prototype in scope where the function is defined with a function prototype, either the prototype ends with an ellipsis or the types of the arguments after promotion are not compatible with the types of the parameters (6.5.2.2).

41

A function is defined with a type that is not compatible with the type (of the expression) pointed to by the expression that denotes the called function (6.5.2.2).

Noncompliant Code Example (Function Pointers)

...

ToolVersionCheckerDescription
GCC
Include Page
GCC_V
GCC_V
 

Can detect violation of this rule when the -Wstrict-prototypes flag is used. However, it cannot detect violations involving variadic functions, such as the open() example described earlier.

Compass/ROSE  

can detect some violations of this rule. In particular, it ensures that all calls to open() supply exactly two arguments if the second argument does not involve O_CREAT, and exactly three arguments if the second argument does involve O_CREAT.

LDRA tool suite

Include Page
LDRA_V
LDRA_V

41 D
98 S
170 S
496 S
576 S

Partially implemented.
PRQA QA-C
Include Page
PRQA_V
PRQA_V
3001
0674(C) 		Partially implemented.
Fortify SCAV. 5.0  
EDG   

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...