...
Use only signed char and unsigned char types for the storage and use of numeric values because it is the only portable way to guarantee the signedness of the character types. See STR00-C. Represent characters using an appropriate type for more information on representing characters.
...
This is a subtle error that results in a disturbingly broad range of potentially severe vulnerabilities. At the very least, this error can lead to unexpected numerical results on different platforms. Unexpected arithmetic values when applied to arrays or pointers can yield buffer overflows or other invalid memory access.
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| 93 S | Fully implemented. | |||||||
Fortify SCA | V. 5.0 |
| Can detect violations of this recommendation with the CERT C Rule Pack. | ||||||
Splint |
|
|
| ||||||
Compass/ROSE |
|
| Can detect violations of this recommendation. In particular, it flags any instance of a variable of type | ||||||
| charplan | Fully implemented. | |||||||
| PRQA QA·CQA-C |
| Partially implemented |
...
ISO/IEC 9899:2011 Section 6.2.5, "Types"
ISO/IEC TR 24772 "STR Bit representations"
MISRA Rule 6.2, "Signed and unsigned char type shall be used only for the storage and use of numeric values"
...