...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

MITRE CWE

| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C Secure Coding Standard | DCL07-C. Include the appropriate type information in function declarators | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT C Secure Coding Standard | MSC00-C. Compile cleanly at high warning levels | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT C Secure Coding Standard | FIO06-C. Create files with appropriate access permissions | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TR 24772:2013 | Subprogram Signature Mismatch [OTR] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961 | Calling functions with incorrect arguments [argcomp] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| MISRA C:2012 | Rule 8.2 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship |
| MISRA C:2012 | Rule 17.3 (mandatory) | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-628, Function Call with Incorrectly Specified Arguments | 2017-07-05: CERT: Rule subset of CWE |

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-685 and EXP37-C

EXP37-C = Union( CWE-685, CWE-686)

Intersection( CWE-685, CWE-686) = Ø

CWE-686 and EXP37-C

Intersection( EXP37-C, FIO47-C) =

  • Invalid argument types passed to format I/O function

EXP37-C – FIO47-C =

  • Invalid argument types passed to non-format I/O function

FIO47-C – EXP37-C =

  • Invalid format string, but correctly matches arguments in number and type

EXP37-C = Union( CWE-685, CWE-686

...

)

Intersection( CWE-685, CWE-686) = Ø

CWE-628 and EXP37-C

CWE-628 = Union( EXP37-C, list) where list =

  • Improper ordering of function arguments (that does not violate argument types)

  • Wrong argument values or references

Bibliography

[CVE] CVE-2006-1174
[ISO/IEC 9899:2011] 6.3.2.3, "Pointers"; 6.5.2.2, "Function Calls"
[IEEE Std 1003.1:2013] open()
[Spinellis 2006] Section 2.6.1, "Incorrect Routine or Arguments"

...