SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 29

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

For portable applications, use only the assignment = operator, the equality operators == and !=, and the unary & operator on plain-character-typed or plain-wide-character-typed expressions.

Wiki MarkupThis is recommended because the C99 standard requires only the digit characters ('0' - '9') to have consecutive numerical values \[[C99 N1401]\]. Thus, operations that rely on expected values for plain character or plain wide character-typed expressions can lead to unexpected This practice is recommended because the C Standard requires only the digit characters (0–9) to have consecutive numerical values. Consequently, operations that rely on expected values for plain-character- or plain-wide-character-typed expressions can lead to unexpected behavior.

However, because of the requirement for digit characters, other operators can be used for them according to the following restrictions:

  • The binary + operator may be used to add integer values from 0 to through 9 to '0'.
  • The binary - operator may be used to subtract character ' 0'.
  • Relational operators <, <=, >, and >= can be used to check whether a character or wide character is a digit.

...

This noncompliant code example attempts to determine if the value of a character variable is between 'a' and 'c' inclusive. However, since because the C99 standard C Standard does not require the letter characters to be in consecutive or in alphabetical or alphabetic order, the check might not work as expected.

Code Block
bgColor#FFCCCC
langc

char ch = 'b';
if ((ch >= 'a') && (ch <= 'c')) {
  /* ... */
}

...

In this example, the specific check is enforced using compliant operations on character expressions.:

Code Block
bgColor#CCCCFF
langc

char ch = 't';
if ((ch == 'a') || (ch == 'b') || (ch == 'c')) {
  /* ... */
}

Exceptions

STR09-C-EX1: Consecutive values for characters like a~z can be assumed on platforms where ASCII or Unicode is used. This guideline recommendation is primarily concerned with platform portability, for example, if code is migrated from ASCII systems to non-ASCII systems.

Risk

...

Assessment

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR09-C

low

Low

unlikely

Unlikely

low

Low

P3

L3

Other Languages

Wiki Markup
This rule appears in the C+\+ Secure Coding Standard as \[[cplusplus:STR07-CPP. Don't assume numeric values for expressions with type plain character]\].

Bibliography

Wiki Markup
\[[C99 N1401]\] Section 5.2.1 "Character sets"

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported indirectly via MISRA C:2012 rule 10.1.
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-STR09
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C2106, C2107
LDRA tool suite
Include Page
LDRA_V
LDRA_V
329 SFully implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-STR09-a
Expressions with type (plain) char and wchar_t shall not be used as operands to built-in operators other than  =,  ==, != and the unary & operator
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

9209

Fully supported

RuleChecker

Include Page
RuleChecker_V
RuleChecker_V


Supported indirectly via MISRA C:2012 rule 10.1.

Related Guidelines

SEI CERT C++ Coding StandardVOID STR07-CPP. Don't assume numeric values for expressions with type plain character

Bibliography

[Jones 2009]Section 5.2.1, "Character Sets"


...

Image Added Image Added Image Removed      07. Characters and Strings (STR)      Image Modified