...

Noncompliant Code Example (C)
signed long s_a;
signed long s_b;
signed long result;

void func(void) {
  /* Initialize s_a and s_b */

  /* No precondition check: the remainder is undefined if s_b is 0 or if
     s_a == LONG_MIN and s_b == -1 (the quotient is not representable). */
  result = s_a % s_b;

  /* ... */
}

...

Compliant Solution (C)
#include <limits.h>

/* Width in bits of the given type. This definition is assumed here because
   the page does not show it; it presumes the type has no padding bits. */
#define UWIDTH(type, umax) ((signed long)(sizeof(type) * CHAR_BIT))

signed long s_a;
signed long s_b;
signed long result;

void func(void) {
  /* Initialize s_a and s_b */

  /* Left shift is undefined if either operand is negative, if the shift
     count is not less than the width of the promoted left operand, or if
     the shifted value would not fit in signed long. */
  if ((s_a < 0) || (s_b < 0) ||
      (s_b >= UWIDTH(signed long, ULONG_MAX)) ||
      (s_a > (LONG_MAX >> s_b))) {
    /* Handle error condition */
  } else {
    result = s_a << s_b;
  }

  /* ... */
}
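The noncompliant example above performs a remainder with no precondition check, while the compliant solution shown covers only left shift. The following is an added example, not CERT's own code, that carries the same precondition style through remainder, addition and left shift as checked functions that refuse the operation instead of invoking undefined behavior. The ULONG_WIDTH_BITS macro is constructed for this example (it assumes unsigned long has no padding bits) and stands in for the UWIDTH macro used above.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Width in bits of unsigned long; constructed for this example and assumes
   the type has no padding bits. */
#define ULONG_WIDTH_BITS ((signed long)(sizeof(unsigned long) * CHAR_BIT))

/* Remainder: undefined for a zero divisor and for LONG_MIN % -1, because the
   quotient LONG_MIN / -1 is not representable. Returns false and leaves *out
   untouched in those cases. */
bool checked_rem(signed long a, signed long b, signed long *out) {
  if (b == 0 || (a == LONG_MIN && b == -1)) {
    return false;
  }
  *out = a % b;
  return true;
}

/* Addition: overflow is possible only when both operands have the same sign.
   The comparisons against LONG_MAX - b and LONG_MIN - b cannot themselves
   overflow because the sign of b is tested first. */
bool checked_add(signed long a, signed long b, signed long *out) {
  if ((b > 0 && a > LONG_MAX - b) || (b < 0 && a < LONG_MIN - b)) {
    return false;
  }
  *out = a + b;
  return true;
}

/* Left shift: the same preconditions as the compliant solution above. */
bool checked_shl(signed long a, signed long b, signed long *out) {
  if (a < 0 || b < 0 || b >= ULONG_WIDTH_BITS || a > (LONG_MAX >> b)) {
    return false;
  }
  *out = a << b;
  return true;
}

int main(void) {
  signed long r;
  printf("7 %% 3:         %s\n", checked_rem(7, 3, &r) ? "ok" : "rejected");
  printf("LONG_MIN %% -1: %s\n", checked_rem(LONG_MIN, -1, &r) ? "ok" : "rejected");
  printf("LONG_MAX + 1:  %s\n", checked_add(LONG_MAX, 1, &r) ? "ok" : "rejected");
  printf("1 << 3:        %s\n", checked_shl(1, 3, &r) ? "ok" : "rejected");
  printf("LONG_MAX << 1: %s\n", checked_shl(LONG_MAX, 1, &r) ? "ok" : "rejected");
  return 0;
}
```

Each function reports failure through its return value and only writes the result when the operation is defined, so callers cannot accidentally consume a wrapped or undefined value.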

...

The C Standard defines the behavior of arithmetic on atomic signed integer types to use two's complement representation with silent wraparound on overflow; there are no undefined results. However, although defined, these results may be unexpected and therefore carry similar risks to unsigned integer wrapping (see INT30-C. Ensure that unsigned integer operations do not wrap). Consequently, signed integer overflow of atomic integer types should also be prevented or detected. 
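Because the wraparound of atomic signed types is defined, a sanitizer will not flag it, so the detection has to be explicit. The following added example (not CERT's code) shows one way to prevent it using C11 atomics: the precondition from a non-atomic checked add is evaluated on a snapshot of the counter and the update is applied with a compare-and-swap, so the check and the add are effectively one atomic step. The atomic_add_wrapping function is included only to contrast the silent wraparound the paragraph describes.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Adds delta to *counter only if the result stays within [LONG_MIN, LONG_MAX].
   Returns false and leaves the counter unchanged if the addition would wrap. */
bool atomic_add_checked(atomic_long *counter, long delta) {
  long cur = atomic_load(counter);
  for (;;) {
    /* Same precondition as a non-atomic checked add, applied to a snapshot. */
    if ((delta > 0 && cur > LONG_MAX - delta) ||
        (delta < 0 && cur < LONG_MIN - delta)) {
      return false;
    }
    /* Compare-and-swap succeeds only if no other thread changed the counter
       since the snapshot; on failure cur is refreshed with the current value
       and the precondition is re-evaluated. A weak CAS may also fail
       spuriously, which the loop handles the same way. */
    if (atomic_compare_exchange_weak(counter, &cur, cur + delta)) {
      return true;
    }
  }
}

/* For contrast: the unchecked atomic add wraps silently, as the C Standard
   specifies for atomic signed types. Returns the value after the add. */
long atomic_add_wrapping(atomic_long *counter, long delta) {
  atomic_fetch_add(counter, delta);
  return atomic_load(counter);
}

int main(void) {
  atomic_long hits = LONG_MAX - 1;
  printf("checked +1:   %s\n", atomic_add_checked(&hits, 1) ? "ok" : "rejected");
  printf("checked +1:   %s\n", atomic_add_checked(&hits, 1) ? "ok" : "rejected");
  printf("unchecked +1: wraps to %ld\n", atomic_add_wrapping(&hits, 1));
  return 0;
}
```

The CAS loop is the standard pattern for any "check, then update" operation on an atomic; reading the counter, testing it, and then calling atomic_fetch_add separately would leave a window in which another thread's increment makes the wrap possible again.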

...

Rule     Severity  Likelihood  Remediation Cost  Priority  Level
INT32-C  High      Likely      High              P9        L2

Automated Detection

Tool             Version  Checker                 Description
Coverity         6.5      TAINTED_STATIC          Fully implemented
Fortify SCA      5.0                              Can detect violations of this rule with CERT C Rule Pack.
                                                  Specifically, it checks to ensure that the operand of a
                                                  unary negation is compared to the type's minimum value
                                                  immediately before the operation.
LDRA tool suite  LDRA_V   43 D, 493 S, 494 S      Partially implemented
PRQA QA-C        PRQA_V   0278, 0296, 0297, 2800  Fully implemented

...