SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 68

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 69

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

Fortify SCA

V. 5.0

 

Can detect violations of this rule with the CERT C Rule Pack.

Compass/ROSE

 

 

Can detect violations of this rule by ensuring that operations are checked for overflow before being performed. Be mindful of exception INT30-EX2 because it excuses many operations from requiring validation, including all the operations that would validate a potentially dangerous operation. For instance, adding two unsigned ints together requires validation involving subtracting one of the numbers from UINT_MAX, which itself requires no validation because it cannot wrap.

PRQA QA·C
Include Page
PRQA_V
PRQA_V
 Partially implemented

Related Vulnerabilities

CVE-2009-1385 results from a violation of this rule. The value performs an unchecked subtraction on the length of a buffer and then adds that many bytes of data to another buffer [xorl 2009]. This can cause a buffer overflow, which allows an attacker to execute arbitrary code.

...