SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 37

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version Current

changes.mady.by.user Svyatoslav Razmyslov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code.

Wiki MarkupAccording to C99 \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section to the C Standard, subclause 5.1.1.3:3 [ISO/IEC 9899:2011],

A conforming implementation shall produce at least one diagnostic message (identified in an implementation-defined manner) if a preprocessing translation unit or translation unit contains a violation of any syntax rule or constraint, even if the behavior is also explicitly specified as undefined or implementation-defined. Diagnostic messages need not be produced in other circumstances.

Assuming a conforming implementation, eliminating diagnostic messages will eliminate any syntactic or constraint violations.

If suitable source-code-checking tools are available, use them regularly.

Exceptions

unmigrated-wiki-markup

*MSC00-EX1:* Compilers can produce diagnostic messages for correct code. This is permitted by C99 \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\], which allows a compiler to produce a diagnostic for any reason. It is usually preferable to rewrite code to eliminate compiler warnings, but if the code is correct it is sufficient to provide a comment explaining why the warning message does not apply. Some compilers provide ways to suppress warnings, such as suitably formatted comments or pragmas, which can be used sparingly when the programmer understands the implications of the warning but has good reason to use the flagged construct code, as is permitted by C. It is usually preferable to rewrite code to eliminate compiler warnings, but if the code is correct, it is sufficient to provide a comment explaining why the warning message does not apply. Some compilers provide ways to suppress warnings, such as suitably formatted comments or pragmas, which can be used sparingly when the programmer understands the implications of the warning but has good reason to use the flagged construct anyway.

Do not simply quiet warnings by adding type casts or other means. Instead, understand the reason for the warning and consider a better approach, such as using matching types and avoiding type casts whenever possible.

Noncompliant Code Example (Windows)

Using the default warning specifier with  #pragma warning resets the behavior of a warning to its default value, which may not be the same as its previous behavior.  Programmers commonly, but incorrectly, use the default warning specifier to restore previous warning messages after a message is temporarily disabled.  

Code Block
bgColor#ffcccc
langc
#pragma warning(disable:4705) 
#pragma warning(disable:4706) 
#pragma warning(disable:4707) 
/* Unnecessarily flagged code */
#pragma warning(default:4705) 
#pragma warning(default:4706) 
#pragma warning(default:4707)

Compliant Solution (Windows)

Instead of using the default warning specifier, the current state of the warnings should be saved and then restored after the unnecessarily flagged code.

Code Block
bgColor#ccccff
langc
#pragma warning(push) 
#pragma warning(disable:4705) 
#pragma warning(disable:4706) 
#pragma warning(disable:4707) 
/* Unnecessarily flagged code */
#pragma warning(pop)

The pragma warning(push) stores the current warning state for every warning. The pragma warning(pop)pops the last warning state pushed onto the stack. Any changes made to the warning state between the push and pop are undone.

Risk Assessment

Eliminating violations of syntax rules and other constraints can eliminate serious software vulnerabilities that can lead to the execution of arbitrary code with the permissions of the vulnerable process.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC00-C

medium

Medium

probable

Probable

medium

Medium

P8

L2

Related Vulnerabilities

Search for for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BUILD.WALL

BUILD.

...

Other Languages

...

WERROR

Not All Warnings Are Enabled

Warnings Not Treated As Errors

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V665
SonarQube C/C++ Plugin
 
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V

S1762

S973

Warns when the default warning specifier is used with  #pragma warning.

Requires documentation of #pragma uses

Related Guidelines

SEI CERT C++ Coding StandardVOID MSC00-CPP. Compile cleanly at high warning levels

...

MITRE CWECWE-563, Unused variable
CWE-570, Expression is always false
CWE-571, Expression is always true

Bibliography

[ISO/IEC 9899:2011]Section

References

...

5.1.1.3,

...

"Diagnostics"
[Seacord 2013]Chapter 9, "Recommended Practices"
[Sutter 2005]Item 1


...

Image Added Image Added \[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 563|http://cwe.mitre.orgdata/definitions/563.html], "Unused Variable"; [CWE ID 570|http://cwe.mitre.org/data/definitions/570.html], "Expression is Always False"; [CWE ID 571|http://cwe.mitre.org/data/definitions/571.html], "Expression is Always True" \[[Sutter 05|AA. C References#Sutter 05]\] Item 1 \[[Seacord 05a|AA. C References#Seacord 05]\] Chapter 8, "Recommended Practices"49. Miscellaneous (MSC)      49. Miscellaneous (MSC)      Image Modified