...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

MITRE CWE

Taxonomy | Taxonomy item | Relationship
ISO/IEC TS 17961 | Accessing an object through a pointer to an incompatible type [ptrcomp] | Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11 | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer | 2017-05-18: CERT: Partial overlap
CWE 2.11 | CWE-125, Out-of-bounds Read | 2017-05-18: CERT: Partial overlap
CWE 2.11 | CWE-704 | 2017-06-14: CERT: Rule subset of CWE

CERT-CWE Mapping Notes

CWE-119 and EXP39-C

Independent( ARR30-C, ARR38-C, ARR32-C, INT30-C, INT31-C, EXP39-C, EXP33-C, FIO37-C)
STR31-C = Subset( Union( ARR30-C, ARR38-C))
STR32-C = Subset( ARR38-C)

Intersection( EXP39-C, CWE-119) =

  • Reading memory assigned to one type, but being accessed through a pointer to a larger type.

EXP39-C – CWE-119 =

  • Writing to memory assigned to one type, but accessed through a pointer to a larger type.

  • Reading memory assigned to one type, but being accessed through a pointer to a smaller (or equal-sized) type.

CWE-119 – EXP39-C =

  • Reading beyond a buffer using a means other than accessing a variable through an incompatible pointer.

CWE-123 and EXP39-C

Intersection( CWE-123, EXP39-C) = Ø

EXP39-C allows overflowing a (small) buffer, but not arbitrary memory writes. (Possibly an arbitrary-memory write exploit could be devised using a “perfect storm” of incompatible types, but this would be uncommon in practice.)

CWE-125 and EXP39-C

Independent( ARR30-C, ARR38-C, EXP39-C, INT30-C)
STR31-C = Subset( Union( ARR30-C, ARR38-C))
STR32-C = Subset( ARR38-C)

Intersection( EXP39-C, CWE-125) =

  • Reading memory assigned to one type, but being accessed through a pointer to a larger type.

EXP39-C – CWE-125 =

  • Reading memory assigned to one type, but being accessed through a pointer to a smaller (or equal-sized) type.

CWE-125 – EXP39-C =

  • Reading beyond a buffer using a means other than accessing a variable through an incompatible pointer.

CWE-188 and EXP39-C

Intersection( CWE-188, EXP39-C) = Ø

CWE-188 appears to be about making assumptions about the layout of memory between distinct variables (that are not part of a larger struct or array). Such assumptions typically involve pointer arithmetic (which violates ARR30-C). EXP39-C involves only one object in memory being (incorrectly) interpreted as if it were another object, e.g., a float being treated as an int (usually via pointers and typecasting).
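The two situations the mapping notes distinguish, an object accessed through a pointer to a larger type (the overlap with CWE-119 and CWE-125) and one object reinterpreted as another such as a float read as an int, are shown in the following added C example, which is not from the CERT page. The function names access_overruns_object, float_to_bits and read_u32_be are hypothetical, and the byte buffer used in testing is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The EXP39-C / CWE-125 intersection as one predicate: an object of
 * obj_size bytes read through a pointer to a type of access_size bytes
 * overruns the object exactly when the access type is larger. Reading
 * through an equal-sized or smaller type is still an EXP39-C violation
 * (undefined behaviour) but not an out-of-bounds read. */
bool access_overruns_object(size_t obj_size, size_t access_size) {
    return access_size > obj_size;
}

/* Compliant way to examine the bits of a float as an integer, instead of
 * "*(uint32_t *)&f": copy the object representation into an object of the
 * target type. memcpy of the bytes does not violate EXP39-C, and the size
 * check rules out the "larger type" overrun. Returns 0 on success, -1 if
 * float is not 32 bits on this platform. */
int float_to_bits(float f, uint32_t *bits) {
    if (sizeof f != sizeof *bits) {
        return -1;
    }
    memcpy(bits, &f, sizeof *bits);
    return 0;
}

/* Compliant way to pull a 32-bit big-endian field out of a byte buffer,
 * instead of "*(uint32_t *)(buf + off)": an explicit bounds check (the
 * CWE-125 half), then byte-wise assembly (the EXP39-C half). Returns 0 on
 * success, -1 if the field would extend past the end of the buffer. */
int read_u32_be(const unsigned char *buf, size_t len, size_t off,
                uint32_t *out) {
    if (off > len || len - off < sizeof *out) {
        return -1;
    }
    *out = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
    return 0;
}
```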

CWE-704 and EXP39-C

CWE-704 = Union( EXP39-C, list) where list =

  • Incorrect (?) typecast that is not incompatible


...