SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 155

changes.mady.by.user Roberto Bagnara

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Noncompliant Code Example (Non-Prototype-Format Declarators)

Noncompliant This noncompliant code example uses the identifier-list form for parameter declarations:

Code Block
bgColor#FFCCCC
langc
int max(a, b)
int a, b;
{
  return a > b ? a : b;
}

Section Subclause 6.11.7 of the C Standard [ISO/IEC 9899:2011] states that "the use of function definitions with separate parameter identifier and declaration lists (not prototype-format parameter type and identifier declarators) is an obsolescent feature."

...

In this noncompliant code example, the function pointer fn_ptr refers to the function add(), which accepts three integer arguments. However, fn_ptr is specified to accept two integer arguments. Setting fn_ptr to refer to add() results in unexpected program behavior. This example also violates DCL35violates EXP37-C. Call functions with the correct number and type of arguments.:

Code Block
bgColor#FFCCCC
langc
int add(int x, int y, int z) {
   return x + y + z;
}

int main(int argc, char *argv[]) {
   int (*fn_ptr) (int, int);
   int res;
   fn_ptr = add;
   res = fn_ptr(2, 3);  /* incorrectIncorrect */
   /* ... */
   return 0;
}

Compliant Solution (Function Pointers)

...

Code Block
bgColor#ccccff
langc
int add(int x, int y, int z) {
   return x + y + z;
}

int main(int argc, char *argv[]) {
   int (*fn_ptr) (int, int, int) ;
   int res;
   fn_ptr = add;
   res = fn_ptr(2, 3, 4);
   /* ... */
   return 0;
}

Risk Assessment

Failing to include type information for function declarators can result in unexpected or unintended program behavior.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

DCL07-C

low

Low

unlikely

Unlikely

low

Low

P3

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

function-prototype

implicit-function-declaration

Partially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-DCL07
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.FUNCS.PROT
LANG.STRUCT.DECL.IMPT
Incomplete function prototype
Implicit Type

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.DCL07

Fully implemented

GCC
Include Page
GCC_V
GCC_V

 


Can detect violation of this recommendation when the -Wstrict-prototypes flag is used

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C1304, C2050, C3331, C3335, C3408, C3450


Klocwork
Include Page
Klocwork_V
Klocwork_V
MISRA.FUNC.PROT_FORM.KR.2012
MISRA.FUNC.NOPROT.DEF
MISRA.CAST.FUNC_PTR.2012
LDRA tool suite
Include Page
LDRA_V
LDRA_V

21 S
135 S
170 S

Fully implemented

PRQA QA-C Include PagePRQA_VPRQA_V

3335
3450
0563
2050

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

718, 746, 936, 9074

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. DCL07-C


Checks for:

  • Cast between function pointers with different types
  • Function declared implicitly.

Rec. fully covered.

RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

function-prototype

implicit-function-declaration

Partially checked
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S819, S930
Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ISO/IEC TR 24772:2013Type System [IHN]
Subprogram Signature Mismatch [OTR]
ISO/IEC TS 17961Using a tainted value as an argument to an unprototyped function pointer [taintnoproto]
MISRA C:2012

Rule 8.

1

2 (required)

Bibliography

[ISO/IEC 9899:2011]
Section
Subclause 6.11.7, "Function Definitions"
[Spinellis 2006]Section 2.6.1, "Incorrect Routine or Arguments"

...


...

Image Modified Image Modified Image Modified