Page History

...

This compliant solution performs a postcondition test to ensure that the result of the unsigned addition operation to i is not less than the operand a. However However, this code contains a race condition where i can be modified after the addition, but prior to the atomic load. This This solution is only compliant if i is guaranteed to only be access by a single thread. See CON43 See CON08-C. Do not assume that a group of calls to independently atomic methods is atomic for more information.

Code Block

bgColor	#ccccff
lang	c

#include <stdatomic.h>
 
atomic_uint i;

void func(unsigned int a) {
  atomic_fetch_add(&i, a);
  if (atomic_load(&i) < a) {
    /* Handle error condition */
  }
  /* ... */
}

Exceptions

...

CERT C Secure Coding Standard	INT02-C. Understand integer conversion rules ARR30-C. Do not form or use out of bounds pointers or array subscripts ARR36-C. Do not subtract or compare two pointers that do not refer to the same array ARR37-C. Do not add or subtract an integer to a pointer to a non-array object CON43CON08-C. Do not assume that a group of calls to independently atomic methods is atomic
CERT C++ Secure Coding Standard	INT30-CPP. Ensure that unsigned integer operations do not wrap
ISO/IEC TR 24772:2013	Arithmetic Wrap-around Error [FIF]
MITRE CWE	CWE-190, Integer overflow (wrap or wraparound)

...

Space shortcuts

Page tree

Versions Compared

Old Version 99

New Version 100

Key