SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 13

changes.mady.by.user Pamela Curtis

Saved on

compared with

New Version 14

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider v2.4 (sch jbop) (X_X)@==(Q_Q)@

...

The C standard uses the following philosophy for choosing character types, though it is not explicitly stated in one place.

signed char and unsigned char

  • Suitable for small integer values

"plain" char

  • The type of each element of a string literal.
  • Used for character data from a limited character set (where signedness has little meaning) as opposed to integer data.

int

  • Used for data that can be either EOF (a negative value) or character data interpreted as unsigned char and then converted to int. As a result, returned by fgetc(), getc(), getchar(), and ungetc(). Also, accepted by the character handling functions from <ctype.h>, because they might be passed the result of fgetc(), etc.
  • The type of a character constant. Its value is that of a plain char converted to int.

Note that the two different ways a character is used as an int (as an unsigned char + EOF, or as a plain char, converted to int) can lead to confusion. For example, isspace('\200') results in undefined behavior when char is signed.

unsigned char

  • Used internally for string comparison functions, even though these operate on character data.  Consequently, the result of a string comparison does not depend on whether plain char is signed.
  • Used for situations where the object being manipulated might be of any type, and it is necessary to access all bits of that object, as with fwrite().

wchar_t

  • Wide characters are used for natural-language character data.

Risk Assessment

Understanding how to represent characters and character strings can eliminate many common programming errors that lead to software vulnerabilities.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

STR00-A C

medium

probable

low

P12

L1

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[ISO/IEC TR 24731-1:2007|AA. C References#ISO/IEC TR 24731-1-2007]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.1.1, "Definitions of terms," and Section 7.21, "String handling <{{string.h}}>"
\[[Seacord 05a|AA. C References#Seacord 05a]\] Chapter 2, "Strings"

...

07. Characters and Strings (STR)      07. Characters and Strings (STR)       STR01-A. Adopt and implement a consistent plan for managing strings Image Added