SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 20

changes.mady.by.user Astha Singhal

Saved on

compared with

New Version 21

changes.mady.by.user Astha Singhal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

UB

Description

Example Code

43

Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that does not point into, or just beyond, the same array object.

#Forming Out Of Bounds Pointer

44

Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that points just beyond the array object and is used as the operand of a unary * operator that is evaluated.

#Dereferencing Past The End Pointer, #Using Past The End Index

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="63817f717dfdb864-08b2fc2e-44434991-9003b2c3-9c88f7d795a49a0d5fa751d3"><ac:plain-text-body><![CDATA[

[46

CC. Undefined Behavior#ub_46]

An array subscript is out of range, even if an object is apparently accessible with the given subscript (as in the lvalue expression a[1][7] given the declaration int a[4][5]).

[#Apparently Accessible Out Of Range Index]

]]></ac:plain-text-body></ac:structured-macro>

59

An attempt is made to access, or generate a pointer to just past, a flexible array member of a structure when the referenced object provides no elements for that array.

#Pointer Past Flexible Array Member

103

The pointer passed to a library function array parameter does not have a value such that all address computations and object accesses are valid.

#Invalid Access By Library Function

...

Tool

Version

Checker

Description

Section

Coverity Prevent

Include Page
c:Coverity_V
c:Coverity_V
Section

ARRAY_VS_SINGLETON

Section

can detect the access of memory past the end of a memory buffer/array

Section

Coverity Prevent

Include Page
c:Coverity_V
c:Coverity_V
Section

NEGATIVE_RETURNS

Section

can detect when the loop bound may become negative

Section

Coverity Prevent

Include Page
c:Coverity_V
c:Coverity_V
Section

OVERRUN_STATIC OVERRUN_DYNAMIC

Section

can detect the out of bound read/write to array allocated statically or dynamically

Section

Klocwork

Include Page
c:Klocwork_V
c:Klocwork_V
Section

ABV.ITERATOR SV.TAINTED.LOOP_BOUND

 

Section

Compass/ROSE

 

 

Section

could be configured to catch violations of this rule. The way to catch the NCE is to first hunt for example code that follows this pattern:

Code Block
for (LPWSTR pwszTemp = pwszPath + 2; *pwszTemp != L'\\'; *pwszTemp++;)

In particular, the iteration variable is a pointer, it gets incremented, and the loop condition does not set an upper bound on the pointer.

Once this case is handled, we can handle cases like the real NCE, which is effectively the same semantics, just different syntax.

Section

LDRA tool suite

Include Page
c:LDRA_V
c:LDRA_V
Section

47 S
476 S
64 X
68 X
69 X

Section

Partially Implemented

Related Vulnerabilities

Wiki Markup
[CVE-2008-1517|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1517] results from a violation of this rule. Before Mac OSX version 10.5.7, the xnu kernel accessed an array at an unverified, user-input index, allowing an attacker to execute arbitrary code by passing an index greater than the length of the array and therefore accessing outside memory \[[xorl 2009|http://xorl.wordpress.com/2009/06/09/cve-2008-1517-apple-mac-os-x-xnu-missing-array-index-validation/]\].

...