SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 186

changes.mady.by.user Jill Britton

Saved on

compared with

New Version Current

changes.mady.by.user Swasti Shrivastava

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this noncompliant example, the C standard library function strchr() is called through the function pointer fp declared with a prototype with incorrectly typed arguments. According to the C Standard, 6.3.2.3, paragraph 8 [ISO/IEC 9899:20112024]

A pointer to a function of one type may be converted to a pointer to a function of another type and back again; the result shall compare equal to the original pointer. If a converted pointer is used to call a function whose type is not compatible with the referenced the referenced type, the behavior is undefined.

See undefined behavior 26.

...

C1331
CERT_C-EXP37-cIdentifiers be given for all of the parameters in a function prototype declaration
Function types shall have named parameters
Function types shall be in prototype form
  • Unreliable cast of function pointer
  • Standard function call with incorrect arguments

    • Rule partially covered.

    0403

    ToolVersionCheckerDescription
    Astrée
    Include Page
    Astrée_V
    Astrée_V

    incompatible-argument-type

    parameter-match

    parameter-match-computed

    parameter-match-type

    		Fully checked
    Axivion Bauhaus Suite

    Include Page
    Axivion Bauhaus Suite_V
    Axivion Bauhaus Suite_V

    		CertC-EXP37
    CodeSonar
    Include Page
    CodeSonar_V
    CodeSonar_V

    LANG.FUNCS.APM

    		Array parameter mismatch
    Compass/ROSE

    Can detect some violations of this rule. In particular, it ensures that all calls to open() supply exactly two arguments if the second argument does not involve O_CREAT, and exactly three arguments if the second argument does involve O_CREAT

    Coverity
    Include Page
    Coverity_V
    Coverity_V

    MISRA C 2012 Rule 8.2

    MISRA C 2012 Rule 17.3

    Implemented

    Relies on functions declared with prototypes, allow compiler to check

    Cppcheck Premium

    Include Page
    Cppcheck Premium_V
    Cppcheck Premium_V

    		premium-cert-exp37-cFully implemented

    ECLAIR

    Include Page
    ECLAIR_V
    ECLAIR_V

    CC2.EXP37

    Partially implemented

    EDG


    GCC
    Include Page
    GCC_V
    GCC_V

    Can detect violation of this rule when the -Wstrict-prototypes flag is used. However, it cannot detect violations involving variadic functions, such as the open() example described earlier

    Helix QAC

    Include Page
    Helix QAC_V
    Helix QAC_V

    C1331, C1332, C1333, C3002, C3320, C3335

    C++0403


    Klocwork
    Include Page
    Klocwork_V
    Klocwork_V
    		MISRA.FUNC.UNMATCHED.PARAMS
    LDRA tool suite
    Include Page
    LDRA_V
    LDRA_V

    41 D, 21 S, 98 S, 170 S, 496 S, 576 S

    		Partially implemented
    Parasoft C/C++test

    Include Page
    Parasoft_V
    Parasoft_V

    CERT_C-EXP37-a
    CERT_C-EXP37-b


    CERT_C-EXP37-d

    Conversions shall

    not be performed between non compatible pointer to a function types
    Specify the access permission bits if a file is created using the 'open' or 'openat' system call
    Functions shall always have visible prototype at the function call

    Polyspace Bug Finder

    Include Page
    Polyspace Bug Finder_V
    Polyspace Bug Finder_V

    CERT C: Rule EXP37-C

    Checks for:

    • Implicit function declaration
    • Bad file access mode or status
    		PRQA QA-C
    Include Page
    PRQA QA-C_vPRQA QA-C_v1331, 1332, 1333, 3002, 3320, 3335Partially implemented
    • Unreliable cast of function pointer
    • Standard function call with incorrect arguments

    Rule partially covered.

    		PRQA QA-C++
    Include Page
    cplusplus:PRQA QA-C++_Vcplusplus:PRQA QA-C++_V
    PVS-Studio

    Include Page
    PVS-Studio_V
    PVS-Studio_V

    		V540, V541, V549, V575, V632, V639, V666, V671, V742, V743, V764, V1004
    SonarQube C/C++ Plugin
    Include Page
    SonarQube C/C++ Plugin_V
    SonarQube C/C++ Plugin_V
    		S930Detects incorrect argument count
    RuleChecker

    Include Page
    RuleChecker_V
    RuleChecker_V

    parameter-match

    parameter-match-type

    		Partially checked
    TrustInSoft Analyzer

    Include Page
    TrustInSoft Analyzer_V
    TrustInSoft Analyzer_V

    		unclassified ("function type matches")Partially verified (see one compliant and one non-compliant example).

    Related Vulnerabilities

    Search for vulnerabilities resulting from the violation of this rule on the CERT website.

    ...

    • Wrong argument values or references


    Bibliography

    [CVE]CVE-2006-1174
    [ISO/IEC 9899:2011]6.35.2.32, "Pointers"Function Calls"
    [ISO/IEC 9899:2024]6.53.2.23, "Function CallsPointers"
    [IEEE Std 1003.1:2013]open()
    [Spinellis 2006]Section 2.6.1, "Incorrect Routine or Arguments"

    ...