Comment: Adding some definitions from C

...

reliability [IEEE Std 610.12 1990]
The ability of a system or component to perform its required functions under stated conditions for a specified period of time.

restricted sink [ISO/IEC 9899:2011]
Operands and arguments whose domain is a subset of the domain described by their types.

robustness [IEEE Std 610.12 1990]
The degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions.

rvalue [ISO/IEC 9899-1999]
Value of an expression.

sanitize [ISO/IEC TS 17961:2013]
Assure by testing or replacement that a tainted or other value conforms to the constraints imposed by one or more restricted sinks into which it may flow.

NOTE
If the value does not conform, either the path is diverted to avoid using the value or a different, known-conforming value is substituted—for example, adding a null character to the end of a buffer before passing it as an argument to the strlen function.

security flaw [Seacord 05a]
A security flaw is a software defect that poses a potential security risk.

security policy [Internet Society 00]
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.

strong exception safety [Stroustrup 01], [Sutter 00]
The strong exception safety guarantee is a property of an operation such that, in addition to satisfying the basic exception safety guarantee, if the operation terminates by raising an exception it has no observable effects on program state. See also exception safety, basic exception safety, and no-throw guarantee.

SFINAE (Substitution Failure Is Not An Error)
A language rule applied by the compiler during overload resolution involving templates. In some contexts, when substituting a template type parameter fails, the specialization is discarded from the overload set instead of causing a compile error. This feature is used in template metaprogramming.

tainted source [ISO/IEC TS 17961:2013]
External source of untrusted data.

NOTE
Tainted sources include

    • parameters to the main() function
    • the returned values from localeconv(), fgetc(), getc(), getchar(), fgetwc(), getwc(), and getwchar()
    • the strings produced by getenv(), fscanf(), vfscanf(), vscanf(), fgets(), fread(), fwscanf(), vfwscanf(), vwscanf(), wscanf(), and fgetws()

tainted value [ISO/IEC TS 17961:2013]
Value derived from a tainted source that has not been sanitized.
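
The following C sketch is an added example, not part of the original glossary: it shows both forms of sanitizing named in the sanitize note (replacement and testing) applied to tainted values before they reach a restricted sink. The function names terminated_length and checked_lookup and the sample data are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Sanitize by replacement. buf holds nread bytes as returned by fread(), a
 * tainted source that does not null-terminate. strlen() is a restricted
 * sink: it requires a terminated string, a subset of what char * allows. */
size_t terminated_length(char *buf, size_t cap, size_t nread) {
    if (buf == NULL || cap == 0)
        return 0;                     /* no room for a terminator: divert */
    if (nread > cap - 1)
        nread = cap - 1;              /* keep the write inside the buffer */
    buf[nread] = '\0';                /* substitute a known-conforming value */
    return strlen(buf);               /* restricted sink, now safe */
}

/* Sanitize by testing. The subscript of table is a restricted sink whose
 * domain [0, n) is a subset of long; text is a tainted string (argv, getenv).
 * Returns 0 and stores the element, or -1 with the path diverted. */
int checked_lookup(const int *table, size_t n, const char *text, int *out) {
    char *end;
    long idx;

    if (table == NULL || text == NULL || out == NULL)
        return -1;
    errno = 0;
    idx = strtol(text, &end, 10);
    if (errno != 0 || end == text || *end != '\0')
        return -1;                    /* not a complete in-range number */
    if (idx < 0 || (unsigned long)idx >= n)
        return -1;                    /* outside the sink's domain */
    *out = table[idx];
    return 0;
}

int main(int argc, char *argv[]) {
    static const int table[4] = {10, 20, 30, 40};   /* constructed data */
    char raw[4] = {'a', 'b', 'c', 'd'};             /* constructed, unterminated */
    int v;

    printf("length: %zu\n", terminated_length(raw, sizeof raw, sizeof raw));
    if (argc > 1 && checked_lookup(table, 4, argv[1], &v) == 0)
        printf("table[%s] = %d\n", argv[1], v);
    else
        puts("index rejected or missing");
    return 0;
}
```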

trap representation [ISO/IEC 9899-1999]
Object representation that does not represent a value of the object type. Attempting to read the value of an object that has a trap representation other than by an expression that has a character type is undefined. Producing such a representation by a side effect that modifies all or any part of the object other than by an expression that has a character type is undefined.

...