Platform dependencies may be introduced to improve performance on a particular platform. This can be a dangerous practice, particularly if these dependencies are not appropriately documented during development and addressed during porting. Platform dependencies that have no performance or other benefits should consequently be avoided because they may introduce errors during porting.
The C Standard [ISO/IEC 9899:2011] identifies four different kinds of nonportable behavior. Each section of Annex J of the C Standard enumerates distinct instances of behaviors of each kind.
...
An example of undefined behavior is passing a null `char *` pointer as the argument to the `printf` function corresponding to a `%s` format specification. Although some implementations (such as the GNU C Library) provide well-defined semantics for this case, others do not, causing programs that rely on this behavior to fail abnormally.
...
```c
unsigned int ui1, ui2, sum;

/* Relies on ~ui1 being equal to UINT_MAX - ui1 */
if (~ui1 < ui2) {
  /* Handle error condition */
}
sum = ui1 + ui2;
```
This code assumes that the implementation uses two's complement representation. This assumption is commonly true but is not guaranteed by the standard.
...
```c
#include <limits.h>

unsigned int ui1, ui2, sum;

/* Portable check: does not depend on the integer representation */
if (UINT_MAX - ui1 < ui2) {
  /* Handle error condition */
}
sum = ui1 + ui2;
```
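As an added example (not code from the CERT page), the compliant `UINT_MAX` test wrapped in a checked-addition helper and exercised on a constructed table of boundary operand pairs; `add_uint_checked` and `count_rejected` are hypothetical names chosen for this illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Portable wrap-around check for unsigned addition: returns true and stores
 * ui1 + ui2 in *sum only when the result fits in an unsigned int. The test
 * uses UINT_MAX rather than ~ui1, so it does not depend on the
 * implementation's integer representation.
 */
bool add_uint_checked(unsigned int ui1, unsigned int ui2, unsigned int *sum) {
    if (sum == NULL) {
        return false;
    }
    if (UINT_MAX - ui1 < ui2) {
        /* Handle error condition: the addition would wrap */
        return false;
    }
    *sum = ui1 + ui2;
    return true;
}

/* Counts how many pairs from a constructed table are rejected by the check. */
unsigned int count_rejected(void) {
    const unsigned int pairs[][2] = {
        { 1u, 2u },                                 /* fits */
        { UINT_MAX, 0u },                           /* fits exactly */
        { UINT_MAX - 1u, 1u },                      /* fits exactly */
        { UINT_MAX, 1u },                           /* would wrap */
        { UINT_MAX / 2u + 1u, UINT_MAX / 2u + 1u }  /* would wrap */
    };
    unsigned int rejected = 0u;
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        unsigned int sum;
        if (!add_uint_checked(pairs[i][0], pairs[i][1], &sum)) {
            rejected++;
        }
    }
    return rejected;
}

int main(void) {
    unsigned int sum;
    if (add_uint_checked(UINT_MAX, 1u, &sum)) {
        printf("sum = %u\n", sum);
    } else {
        printf("addition would wrap; rejected\n");
    }
    printf("%u of 5 constructed pairs rejected\n", count_rejected());
    return 0;
}
```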
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
...
Unspecified Behaviour [BQF]
Bibliography
...
2013] | Chapter 5, "Integer Security"
...