SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 190

changes.mady.by.user Jill Britton

Saved on

compared with

New Version Current

changes.mady.by.user Swasti Shrivastava

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this noncompliant example, the C standard library function strchr() is called through the function pointer fp declared with a prototype with incorrectly typed arguments. According to the C Standard, 6.3.2.3, paragraph 8 [ISO/IEC 9899:20112024]

A pointer to a function of one type may be converted to a pointer to a function of another type and back again; the result shall compare equal to the original pointer. If a converted pointer is used to call a function whose type is not compatible with the referenced the referenced type, the behavior is undefined.

See undefined behavior 26.

...

ToolVersionCheckerDescription
Astrée
Include Page
Astrée_V
Astrée_V

incompatible-argument-type

parameter-match

parameter-match-computed

parameter-match-type

Fully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-EXP37
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.FUNCS.APM

Array parameter mismatch
Compass/ROSE

Can detect some violations of this rule. In particular, it ensures that all calls to open() supply exactly two arguments if the second argument does not involve O_CREAT, and exactly three arguments if the second argument does involve O_CREAT

Coverity
Include Page
Coverity_V
Coverity_V

MISRA C 2012 Rule 8.2

MISRA C 2012 Rule 17.3

Implemented

Relies on functions declared with prototypes, allow compiler to check

Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-exp37-cFully implemented

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.EXP37

Partially implemented

EDG


GCC
Include Page
GCC_V
GCC_V

Can detect violation of this rule when the -Wstrict-prototypes flag is used. However, it cannot detect violations involving variadic functions, such as the open() example described earlier

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C1331, C1332, C1333, C3002, C3320, C3335

C++0403


Klocwork
Include Page
Klocwork_V
Klocwork_V
MISRA.FUNC.UNMATCHED.PARAMS
LDRA tool suite
Include Page
LDRA_V
LDRA_V

41 D, 21 S, 98 S, 170 S, 496 S, 576 S

Partially implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-EXP37-a
CERT_C-EXP37-b
CERT_C-EXP37-d

Conversions shall not be performed between non compatible pointer to a function types
Specify the access permission bits if a file is created using the 'open' or 'openat' system call
Functions shall always have visible prototype at the function call

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule EXP37-C

Checks for:

  • Implicit function declaration
  • Bad file access mode or status
  • Unreliable cast of function pointer
  • Standard function call with incorrect arguments

Rule partially covered.

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V540, V541, V549, V575, V632, V639, V666, V671, V742, V743, V764, V1004
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S930Detects incorrect argument count
RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

parameter-match

parameter-match-type

Partially checked
TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

unclassified ("function type matches")Partially verified (see one compliant and one non-compliant example).

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

  • Wrong argument values or references


Bibliography

[CVE]CVE-2006-1174
[ISO/IEC 9899:2011]6.35.2.32, "PointersFunction Calls"
[ISO/IEC 9899:2024]6.53.2.23, "Function CallsPointers"
[IEEE Std 1003.1:2013]open()
[Spinellis 2006]Section 2.6.1, "Incorrect Routine or Arguments"

...