...

Most legitimate platform dependencies can and should be isolated in separate modules that expose portable, platform-agnostic interfaces to platform-specific implementations. Portable applications that cannot avoid relying on platform-specific details should always provide a generic, portable, standards-based solution as a fallback mechanism for the platform-specific alternative. That way, such an application can be more easily ported to new platforms, without an excessive risk of security flaws caused by assumptions that do not hold in the new environment.

...

This code sample also violates recommendation INT14-C. Avoid performing bitwise and arithmetic operations on the same data.

...

The GNU libc implementation of strerror_r declares the function to return char*, in conflict with the POSIX® specification. The following noncompliant code example relies on this return type to pass the return value as an argument to the %s formatting directive to fprintf. The behavior of the example will be undefined on a platform that declares the return type of strerror_r() to be int, in accordance with POSIX.

...
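As an added illustration (not code from the CERT page), the wrapper below hides the strerror_r() return-type difference behind one portable interface, so callers never pass its return value to %s. The name portable_strerror and the use of __GLIBC__ with _GNU_SOURCE to detect the char* variant are assumptions of this sketch.

```c
/* Added example: one interface over both strerror_r() variants. */
#if !defined(_GNU_SOURCE) && !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 200809L   /* request the POSIX declaration */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Noncompliant pattern described above (shown only as a comment):
 *   fprintf(stderr, "%s\n", strerror_r(errnum, buf, sizeof buf));
 * It is only meaningful where strerror_r() returns char *. */

/* Hypothetical helper: always leaves a NUL-terminated message in buf.
 * Returns 0 on success or an errno value on failure. */
int portable_strerror(int errnum, char *buf, size_t buflen)
{
    if (buf == NULL || buflen == 0)
        return EINVAL;
/* Assumption: only glibc-style headers compiled with _GNU_SOURCE
 * declare the char * variant; everything else gets the int variant. */
#if defined(__GLIBC__) && defined(_GNU_SOURCE)
    /* GNU: the result may point at a static string instead of buf. */
    const char *msg = strerror_r(errnum, buf, buflen);
    if (msg != buf)
        snprintf(buf, buflen, "%s", msg);
    return 0;
#else
    /* POSIX: 0 on success; an error number on failure
     * (older glibc returns -1 and sets errno instead). */
    int rc = strerror_r(errnum, buf, buflen);
    if (rc == 0)
        return 0;
    if (rc == -1)
        rc = errno ? errno : EINVAL;
    snprintf(buf, buflen, "error %d", errnum);   /* generic fallback text */
    return rc;
#endif
}

int main(void)
{
    char buf[128];
    if (portable_strerror(ENOENT, buf, sizeof buf) != 0)
        return 1;
    fprintf(stderr, "%s\n", buf);   /* buf is a valid string on every platform */
    return 0;
}
```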

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: MSC14-CPP. Do not introduce unnecessary platform dependencies

ISO/IEC TR 24772 "BQF Unspecified Behaviour"

Bibliography

[Dowd 2006] Chapter 6, "C Language Issues" (Arithmetic Boundary Conditions, pp. 211-223)

[ISO/IEC 9899:1999] Section 3.4.1, "implementation-defined behavior," Section 3.4.4, "unspecified behavior," Appendix J.1, "Unspecified behavior," and Appendix J.3, "Implementation-defined behavior"

[Seacord 2005a] Chapter 5, "Integers"

...