Comment: some FIO34-C-related changes

...

After the loop ends, if feof(stdin) != 0, the loop has read through to the end of the file without encountering a newline character. Similarly, if ferror(stdin) != 0, a read error occurred before the loop encountered a newline character, and if chars_read > index, the input string has been truncated. FIO34-C. Do not compare characters from a file with EOF (referenced here in place of void FIO34-C. Use int to capture the return value of character IO functions that might be used to check for end of file) is also applied in this solution.
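The checks described above, written out as one reusable function. This is an added example, not code from the CERT page: the function and flag names (read_line, LINE_*) are ours, and the stand-alone demo assumes a POSIX fmemopen() to build the input stream from a constructed string.

```c
/* Added example: the STR31-C compliant-solution loop as a function. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define LINE_EOF       1u  /* end-of-file reached before a newline */
#define LINE_ERROR     2u  /* read error occurred before a newline */
#define LINE_TRUNCATED 4u  /* more characters arrived than buf could hold */

/* Reads up to a newline from fp into buf (bufsize >= 1), always
 * null-terminating. ch is an int, and the loop stops on feof()/ferror()
 * rather than on ch == EOF: where sizeof(int) == sizeof(char) a legitimate
 * byte can compare equal to EOF (the FIO34-C point). Returns a bitmask of
 * the LINE_* conditions; chars_read receives the number of characters
 * consumed so the caller can see how many were dropped. */
unsigned read_line(FILE *fp, char *buf, size_t bufsize, size_t *chars_read) {
    int ch;
    size_t index = 0;   /* characters stored */
    size_t count = 0;   /* characters consumed, stored or not */
    unsigned flags = 0;

    while (((ch = getc(fp)) != '\n') && !feof(fp) && !ferror(fp)) {
        if (index < bufsize - 1) {      /* leave room for the terminator */
            buf[index++] = (char)ch;
        }
        count++;
    }
    buf[index] = '\0';

    if (feof(fp))      flags |= LINE_EOF;
    if (ferror(fp))    flags |= LINE_ERROR;
    if (count > index) flags |= LINE_TRUNCATED;
    if (chars_read)    *chars_read = count;
    return flags;
}

/* Runs read_line over an in-memory stream built from a constructed string. */
unsigned read_line_from_string(const char *text, char *buf, size_t bufsize,
                               size_t *chars_read) {
    FILE *fp = fmemopen((void *)text, strlen(text), "r");
    if (fp == NULL) return LINE_ERROR;
    unsigned flags = read_line(fp, buf, bufsize, chars_read);
    fclose(fp);
    return flags;
}

int main(void) {
    char buf[8];
    size_t n;
    unsigned f = read_line_from_string("longer than the buffer\n", buf, sizeof buf, &n);
    printf("stored \"%s\", consumed %zu, truncated=%u\n", buf, n, (f & LINE_TRUNCATED) != 0);
    return 0;
}
```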

...

Code Block
while (((ch = getchar()) != '\n') && ch != EOF)

...

feof(stdin)

...

 && !ferror(stdin))

Noncompliant Code Example (scanf())

...

CERT C Secure Coding Standard

STR03-C. Do not inadvertently truncate a string
STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code
MSC24-C. Do not use deprecated or obsolescent functions
MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
void FIO34-C. Use int to capture the return value of character IO functions that might be used to check for end of file
void FIO35-C. Use feof() and ferror() to detect end-of-file and file errors when sizeof(int) == sizeof(char)
FIO34-C. Do not compare characters from a file with EOF

CERT C++ Secure Coding Standard

STR31-CPP. Guarantee that storage for character arrays has sufficient space for character data and the null terminator

ISO/IEC TR 24772:2013

String Termination [CJM]
Buffer Boundary Violation (Buffer Overflow) [HCB]
Unchecked Array Copying [XYW]

ISO/IEC TS 17961

Using a tainted value to write to an object using a formatted input or output function [taintformatio]
Tainted strings are passed to a string copying function [taintstrcpy]

MITRE CWE

CWE-119, Failure to constrain operations within the bounds of an allocated memory buffer
CWE-120, Buffer copy without checking size of input ("classic buffer overflow")
CWE-193, Off-by-one error

...