...
This noncompliant code example generates a sequence of 10 pseudorandom numbers using the rand() function. When rand() is not seeded, it behaves as if srand(1) had been called, so the generator starts from the same default state every time. No matter how many times this program is executed, it always produces the same sequence.
```c
#include <stdio.h>
#include <stdlib.h>

int i = 0;
for (i = 0; i < 10; i++) {
  printf("%d, ", rand()); /* Always generates the same sequence */
}
```
output:
1st run: 41, 18467, 6334, 26500, 19169, 15724, 11478, 29358, 26962, 24464
2nd run: 41, 18467, 6334, 26500, 19169, 15724, 11478, 29358, 26962, 24464
...
nth run: 41, 18467, 6334, 26500, 19169, 15724, 11478, 29358, 26962, 24464
...
Call srand() before the first call to rand() to seed the sequence that rand() generates. With the seed taken from the current time, the program produces a different sequence of 10 numbers on each run. Note that this only makes the output vary between runs: a seed derived from time() in whole seconds is trivially guessable by anyone who can estimate when the program started, so this form of seeding is not adequate where the numbers must be unpredictable to an attacker (session identifiers, tokens, nonces, key material).
```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

srand((unsigned int)time(NULL)); /* Create seed based on current time counted as seconds from 01/01/1970 */
int i = 0;
for (i = 0; i < 10; i++) {
  printf("%d, ", rand()); /* Generates different sequences at different runs */
}
```
output:
1st run: 25121, 15571, 29839, 2454, 6844, 10186, 27534, 6693, 12456, 5756
2nd run: 25134, 25796, 2992, 403, 15334, 25893, 7216, 27752, 12966, 13931
3rd run: 25503, 27950, 22795, 32582, 1233, 10862, 31243, 24650, 11000, 7328
...
Noncompliant Code Example
This noncompliant code example generates a sequence of 10 pseudorandom numbers using the POSIX random() function. When random() is not seeded, it behaves like unseeded rand(): it starts from a fixed default state (as if srandom(1) had been called) and therefore produces the same sequence of numbers on every run.
```c
#include <stdio.h>
#include <stdlib.h>

int i = 0;
for (i = 0; i < 10; i++) {
  printf("%ld, ", random()); /* Always generates the same sequence */
}
```
output:
1st run: 1804289383, 846930886, 1681692777, 1714636915, 1957747793, 424238335, 719885386, 1649760492, 596516649, 1189641421
2nd run: 1804289383, 846930886, 1681692777, 1714636915, 1957747793, 424238335, 719885386, 1649760492, 596516649, 1189641421
...
nth run: 1804289383, 846930886, 1681692777, 1714636915, 1957747793, 424238335, 719885386, 1649760492, 596516649, 1189641421
Compliant Solution (POSIX)
Call srandom() before the first call to random() to seed the sequence that random() generates. The program then produces a different sequence on each run. Because the seed is the current time in seconds, the sequence varies between runs but remains guessable by anyone who can estimate when the program started, so this is not sufficient for security-sensitive uses.
```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

srandom((unsigned int)time(NULL)); /* Create seed based on current time counted as seconds from 01/01/1970 */
int i = 0;
for (i = 0; i < 10; i++) {
  printf("%ld, ", random()); /* Generates different sequences at different runs */
}
```
output:
1st run: 198682410, 2076262355, 910374899, 428635843, 2084827500, 1558698420, 4459146, 733695321, 2044378618, 1649046624
2nd run: 1127071427, 252907983, 1358798372, 2101446505, 1514711759, 229790273, 954268511, 1116446419, 368192457, 1297948050
3rd run: 2052868434, 1645663878, 731874735, 1624006793, 938447420, 1046134947, 1901136083, 418123888, 836428296, 2017467418
...
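To make the two points above concrete, here is an added example in C (not code from the original page). It first checks that rand() called without any srand() yields exactly the sequence that srand(1) yields, which is what "default seed of 1" means in practice. It then takes the attacker's side against a program seeded with srand(time(NULL)) as in the compliant solutions: knowing only that the program started within the last hour and having seen a handful of its outputs, it brute-forces the seed and can thereafter reproduce every number the program will draw. The function names default_seed_is_one, sequence_for_seed and recover_time_seed, the observation count SEQ_LEN, the one-hour window and the seed values used are assumptions made for this example; the same attack applies unchanged to srandom(time(NULL)) and random().

```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define SEQ_LEN 5 /* number of outputs the attacker gets to observe (assumed) */

/* Seed the generator with 'seed' and store its first SEQ_LEN outputs in out[]. */
void sequence_for_seed(unsigned int seed, int out[SEQ_LEN]) {
    srand(seed);
    for (int i = 0; i < SEQ_LEN; i++) {
        out[i] = rand();
    }
}

/* Returns 1 if the sequence rand() produces before any srand() call equals the
 * sequence produced after srand(1), i.e. the default seed is 1 (C standard).
 * Must be the first use of rand() in the process for the check to be meaningful. */
int default_seed_is_one(void) {
    int unseeded[SEQ_LEN], seeded[SEQ_LEN];
    for (int i = 0; i < SEQ_LEN; i++) {
        unseeded[i] = rand(); /* never seeded: behaves as if srand(1) */
    }
    sequence_for_seed(1, seeded);
    for (int i = 0; i < SEQ_LEN; i++) {
        if (unseeded[i] != seeded[i]) {
            return 0;
        }
    }
    return 1;
}

/* Attacker's view: given SEQ_LEN observed outputs and the assumption that the
 * seed was time(NULL) for some second in [lo, hi], try every candidate second
 * and return the seed that reproduces the observations, or 0 if none does. */
unsigned int recover_time_seed(const int observed[SEQ_LEN], time_t lo, time_t hi) {
    int candidate[SEQ_LEN];
    for (time_t t = lo; t <= hi; t++) {
        sequence_for_seed((unsigned int)t, candidate);
        int match = 1;
        for (int i = 0; i < SEQ_LEN && match; i++) {
            if (candidate[i] != observed[i]) {
                match = 0;
            }
        }
        if (match) {
            return (unsigned int)t;
        }
    }
    return 0;
}

int main(void) {
    printf("unseeded rand() equals srand(1): %s\n",
           default_seed_is_one() ? "yes" : "no");

    /* Victim seeds exactly as the compliant solution does. */
    time_t now = time(NULL);
    int observed[SEQ_LEN];
    sequence_for_seed((unsigned int)now, observed);

    /* Attacker only knows the victim started within the last hour (3600 candidates). */
    unsigned int found = recover_time_seed(observed, now - 3600, now);
    printf("true seed %lu, recovered %u: %s\n", (unsigned long)now, found,
           found == (unsigned int)now ? "entire future sequence is now predictable"
                                      : "seed not found in window");
    return 0;
}
```

The brute force costs at most 3600 reseed-and-draw cycles, i.e. microseconds; widening the window to a whole year is still only about 31 million candidates. This is why varying the seed per run is necessary but not sufficient: the seed must also be unpredictable, which a clock in seconds is not.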
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
MSC18-C | | likely | | |
...