SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 32

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 33

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider v2.4 (sch jbop) (X_X)@==(Q_Q)@

...

In most cases, the only portable operators on plain char types are assignment and equality operators (=, ==, != ). An exception is the translation to and from digits.  For example, if the char c is a digit, c - '0' is a value between 0 and 9.

...

Noncompliant Code Example

The following non-compliant noncompliant code example simply shows calling the standard string handling function strlen() with a plain character string, a signed character string, and an unsigned character string:

...

Wiki Markup
Compiling at high warning levels in compliance with [MSC00-AC. Compile cleanly at high warning levels] causes warnings to be issued when converting from {{unsigned char\[\]}} to {{const char const *}} when {{char}} is signed and from {{signed char\[\]}} to {{const char const *}} when {{char}} is defined to be unsigned.  Casts are required to eliminate these warnings, but excessive casts can make code difficult to read and hide legitimate warning messages.

Wiki Markup
If this C code were compiled using a C+\+ compiler, conversions from {{unsigned char\[\]}} to {{const char const *}} and from {{signed char\[\]}} to {{const char const *}} would be flagged as errors requiring casts.

Compliant Solution

The compliant solution uses plain char for character data.

...

Conversions are not required and the code compiles cleanly at high warning levels without casts.

Risk Assessment

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

STR04-A C

low

unlikely

low

P3

L3

Automated Detection

Fortify SCA Version 5.0 with CERT C Rule Pack can detect violations of this recommendation, except cases involving signed char.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.2.5, "Types"
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 6.1, "The plain char type shall be used only for the storage and use of character values"

...

STR03-C. Do not inadvertently truncate a null-terminated byte string      07. Characters and Strings (STR)       STR05-A. Use pointers to const when referring to string literals Image Added