...

This compliant solution tests the operands of the addition operation to ensure no overflow occurs, assuming two's complement representation.

...

This compliant solution works only on architectures that use two's complement representation. While most modern platforms use two's complement representation, it is best not to introduce unnecessary platform dependencies when practical (see MSC14-C. Do not introduce unnecessary platform dependencies).

...

This compliant solution tests the suspect operands of the subtraction operation to guarantee there is no possibility of signed overflow, presuming two's complement representation.

...

This compliant solution only works on architectures that use two's complement representation. While most modern platforms use two's complement representation, it is best not to introduce unnecessary platform dependencies when practical (see MSC14-C. Do not introduce unnecessary platform dependencies).

...

Division is between two operands of arithmetic type. Overflow can occur during two's-complement signed integer division when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to -1. Division operations are also susceptible to divide-by-zero errors (see INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors).

Noncompliant Code Example

This noncompliant code example can result in a signed integer overflow during the division of the signed operands sl1 and sl2 or in a divide-by-zero error. The IA-32 architecture, for example, requires that both conditions result in a fault, which can easily result in a denial-of-service attack.

...

Noncompliant Code Example

This noncompliant code example can result in a divide-by-zero or an overflow error during the modulo operation on the signed operands sl1 and sl2. Overflow can occur during a modulo operation when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to -1.

signed long sl1, sl2, result;

result = sl1 % sl2;

...

This compliant solution tests the suspect modulo operation operand to guarantee there is no possibility of a divide-by-zero error or an overflow error.
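The operand test described above for both the division and the modulo case, as an added example that is not code from the original page. The names div_mod_unsafe, checked_div and checked_mod are hypothetical, and the operands in main are constructed sample values.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper: true when sl1 / sl2 or sl1 % sl2 must not be evaluated. */
static bool div_mod_unsafe(signed long sl1, signed long sl2) {
    /* sl2 == 0 is the divide-by-zero case; LONG_MIN with -1 is the
       overflow case, because the quotient does not fit in signed long. */
    return sl2 == 0 || (sl1 == LONG_MIN && sl2 == -1);
}

/* Stores sl1 / sl2 in *result and returns true, or returns false
   without dividing when the operands fail the test. */
bool checked_div(signed long sl1, signed long sl2, signed long *result) {
    if (div_mod_unsafe(sl1, sl2)) {
        return false;
    }
    *result = sl1 / sl2;
    return true;
}

/* Same test for the modulo operation: the % operator is guarded by the
   same operand check as the / operator. */
bool checked_mod(signed long sl1, signed long sl2, signed long *result) {
    if (div_mod_unsafe(sl1, sl2)) {
        return false;
    }
    *result = sl1 % sl2;
    return true;
}

int main(void) {
    /* Constructed sample operands: a normal pair, the overflow pair, a zero divisor. */
    const signed long samples[][2] = { {7, 2}, {-7, 2}, {LONG_MIN, -1}, {1, 0} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        signed long q = 0, r = 0;
        bool ok = checked_div(samples[i][0], samples[i][1], &q) &&
                  checked_mod(samples[i][0], samples[i][1], &r);
        if (ok) {
            printf("%ld, %ld: quotient %ld, remainder %ld\n",
                   samples[i][0], samples[i][1], q, r);
        } else {
            printf("%ld, %ld: rejected\n", samples[i][0], samples[i][1]);
        }
    }
    return 0;
}
```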

...