SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 36

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFcccc
langc
/* First the options that are allowed only allowed for root */
if (getuid == 0 || geteuid != 0) {
  /* ... */
}

...

Code Block
bgColor#FFcccc
langc
/* First the options that are allowed only allowed for root */
if (getuid() == 0 || geteuid != 0) {
  /* ... */
}

...

Code Block
bgColor#ccccff
langc
/* First the options that are allowed only allowed for root */
if (getuid() == 0 || geteuid() != 0) {
  /* ... */
}

...

Code Block
bgColor#ccccff
langc
/* First the options that are allowed only allowed for root */ 
if (getuid == (uid_t(*)(void))0 || geteuid != (uid_t(*)(void))0) { 
  /* ... */ 
}

...

Code Block
bgColor#ccccff
langc
int do_xyz(void); 
 
int f(void) {
/* ... */ 
  if (do_xyz()) { 
    return -1; /* Indicate failure */
  }
/* ... */
  return 0;  
}

Risk Assessment

Errors of omission can result in unintended program flow.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

EXP16-C

low

Low

likely

Likely

medium

Medium

P6

L2

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
function-name-constant-comparison
Partially checked

Coverity

Include Page
Coverity_V
Coverity_V

BAD_COMPARE

Can detect the specific instance where the address of a function is compared against 0, such as in the case of geteuid versus getuid() in the implementation-specific details

GCC
Include Page
GCC_V
GCC_V
  

Can detect violations of this recommendation when the -Wall flag is used

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0428, C3004, C3344
Klocwork
Include Page
Klocwork_V
Klocwork_V

EFFECT

CWARN.NULLCHECK.FUNCNAME
CWARN.FUNCADDR


LDRA tool suite
Include Page
LDRA_V
LDRA_V
 
99 SPartially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-EXP16-a
Function address should not be compared to zero
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

2440, 2441

Partially supported: reports address of function, array, or variable directly or indirectly compared to null

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V516, V1058
RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

function-name-constant-comparison
Partially checked
 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++
Secure
Coding StandardVOID EXP16-CPP. Avoid conversions using void pointers
ISO/IEC TR 24772:2013Likely incorrect expressions [KOA]
ISO/IEC TS 17961
 (Draft)
Comparing function addresses to zero [funcaddr]
MITRE CWECWE-480, Use of incorrect operator
CWE-482, Comparing instead of assigning

Bibliography

[Hatton 1995]Section 2.7.2, "Errors of Omission and Addition"

...


...

Image Modified Image Modified Image Modified