...
Errors of omission can result in unintended program flow.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP16-C | Low | Likely | Medium | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| function-name-constant-comparison | Partially checked | ||||||
| BAD_COMPARE | Can detect the specific instance where the address of a function is compared against 0, such as in the case of | |||||||
| GCC |
|
Can detect violations of this recommendation when the | |||||||||
| Helix QAC |
| C0428, C3004, C3344 | |||||||
| Klocwork |
|
EFFECT
CWARN.NULLCHECK.FUNCNAME | |||||||
| LDRA tool suite |
|
| 99 S | Partially implemented | ||||||||
| Parasoft C/C++test |
| CERT_C-EXP16-a | Function address should not be compared to zero | ||||||
| PC-lint Plus |
| 2440, 2441 | Partially supported: reports address of function, array, or variable directly or indirectly compared to null | ||||||
| PVS-Studio |
| V516, V1058 | |||||||
| RuleChecker |
| function-name-constant-comparison | Partially checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID EXP16-CPP. Avoid conversions using void pointers |
| ISO/IEC TR 24772:2013 | Likely incorrect expressions [KOA] |
| ISO/IEC TS 17961 | Comparing function addresses to zero [funcaddr] |
| MITRE CWE | CWE-480, Use of incorrect operator CWE-482, Comparing instead of assigning |
Bibliography
| [Hatton 1995] | Section 2.7.2, "Errors of Omission and Addition" |
...
...