...
Errors of omission can result in unintended program flow.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP16-C | Low | Likely | Medium | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | function-name-constant-comparison | Partially checked |
| | | BAD_COMPARE | Can detect the specific instance where the address of a function is compared against 0, such as in the case of |
GCC | | | Can detect violations of this recommendation when the |
Helix QAC | | C0428, C3004, C3344 | |
Klocwork | | EFFECT, CWARN.NULLCHECK.FUNCNAME | |
LDRA tool suite | | 99 S | Partially implemented |
Parasoft C/C++test | | CERT_C-EXP16-a | Function address should not be compared to zero |
PC-lint Plus | | 2440, 2441 | Partially supported: reports address of function, array, or variable directly or indirectly compared to null |
PVS-Studio | | V516, V1058 | |
RuleChecker | | function-name-constant-comparison | Partially checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID EXP16-CPP. Avoid conversions using void pointers |
ISO/IEC TR 24772:2013 | Likely incorrect expressions [KOA] |
ISO/IEC TS 17961 | Comparing function addresses to zero [funcaddr] |
MITRE CWE | CWE-480, Use of incorrect operator; CWE-482, Comparing instead of assigning |
Bibliography
[Hatton 1995] | Section 2.7.2, "Errors of Omission and Addition" |
...
...