...

The type size_t generally covers the entire address space. ISO/IEC TR 24731-1-2007 introduces a new type rsize_t, defined to be size_t but explicitly used to hold the size of a single object [Meyers 2004]. In code that documents this purpose by using the type rsize_t, the size of an object can be checked to verify that it is no larger than RSIZE_MAX, the maximum size of a normal single object, which provides additional input validation for library functions. See guideline STR07-C. Use TR 24731 for remediation of existing string manipulation code for additional discussion of TR 24731-1.

Any variable that is used to represent the size of an object, including integer values used as sizes, indices, loop counters, and lengths, should be declared as rsize_t, if available, or otherwise as size_t.

Noncompliant Code Example

...

Declaring i to be of type rsize_t eliminates the possible integer overflow condition (in this example). Also, the argument n is changed to be of type rsize_t to document additional validation in the form of a check against RSIZE_MAX.
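An added example (not the guideline's own noncompliant or compliant code) showing the pattern described above: an rsize_t loop index and an rsize_t length parameter that is validated against RSIZE_MAX before use. It assumes a C11 library and falls back to a local rsize_t/RSIZE_MAX when the implementation does not provide Annex K (glibc, for instance); the function name copy_object and the buffer sizes are assumptions.

```c
/* Request Annex K (rsize_t, RSIZE_MAX) where the library offers it. */
#define __STDC_WANT_LIB_EXT1__ 1
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef RSIZE_MAX
/* Fallback for libraries without Annex K: same representation as size_t,
 * with sizes above half the address space treated as invalid. */
typedef size_t rsize_t;
#define RSIZE_MAX (SIZE_MAX >> 1)
#endif

/* Copies the first n bytes of src into dst. Both sizes are rsize_t to
 * document that they describe a single object, so any value above
 * RSIZE_MAX (e.g. a negative length converted to an unsigned type) is
 * rejected before it can drive the loop or overrun dst.
 * Returns 0 on success, -1 on an invalid size. */
int copy_object(char *dst, rsize_t dst_size, const char *src, rsize_t n) {
    if (n > RSIZE_MAX || dst_size > RSIZE_MAX) {
        return -1;                    /* not a plausible object size */
    }
    if (n > dst_size) {
        return -1;                    /* would write past the end of dst */
    }
    /* rsize_t index: same range as n, so i cannot wrap before reaching n */
    for (rsize_t i = 0; i < n; ++i) {
        dst[i] = src[i];
    }
    return 0;
}

int main(void) {
    char buf[16];
    const char *msg = "hello";
    /* constructed input: a negative length wrongly passed as a size wraps
     * to a huge unsigned value, which the RSIZE_MAX check catches */
    rsize_t bogus = (rsize_t)(-1);
    printf("valid copy rc=%d\n", copy_object(buf, sizeof buf, msg, 5));
    printf("bogus size rc=%d\n", copy_object(buf, sizeof buf, msg, bogus));
    return 0;
}
```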

...

Risk Assessment

Recommendation  Severity  Likelihood  Remediation Cost  Priority  Level
INT01-C         medium    probable    medium            P8        L2

Automated Detection

Tool          Version  Checker  Description
Fortify SCA   V. 5.0   ...      will detect integer operations that cause overflow, but not all cases where size_t is not used
Splint        ...      ...      ...
Compass/ROSE  ...      ...      can detect violations of this recommendation. In particular, it catches comparisons and operations where one operand is of type size_t or rsize_t and the other is not

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

This rule appears in the C++ Secure Coding Standard as INT01-CPP. Use rsize_t or size_t for all integer values representing the size of an object.

Bibliography

[ISO/IEC 9899:1999] Section 7.17, "Common definitions <stddef.h>"; Section 7.20.3, "Memory management functions"
[ISO/IEC TR 24731-1:2007]
[Meyers 2004]

...