SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 53

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Noncompliant Code Example

The following This noncompliant code example simply shows the standard string-handling function strlen() being called with a plain character string, a signed character string, and an unsigned character string. The strlen() function takes a single argument of type const char *.:

Code Block
bgColor#FFCCCC
langc
size_t len;
char cstr[] = "char string";
signed char scstr[] = "signed char string";
unsigned char ucstr[] = "unsigned char string";

len = strlen(cstr);
len = strlen(scstr);  /* warnsWarns when char is unsigned */
len = strlen(ucstr);  /* warnsWarns when char is signed */

Compiling at high warning levels in compliance with MSC00-C. Compile cleanly at high warning levels causes warnings to be issued when

  • converting Converting from unsigned char[] to const char * when char is signed.
  • converting Converting from signed char[] to const char * when char is defined to be unsigned.

Casts are required to eliminate these warnings, but excessive casts can make code difficult to read and hide legitimate warning messages.

...

The compliant solution uses plain char for character data.:

Code Block
bgColor#ccccff
langc
size_t len;
char cstr[] = "char string";

len = strlen(cstr);

...

Failing to use plain char for characters in the basic character set can lead to excessive casts and less effective compiler diagnostics.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

STR04-C

low

Low

unlikely

Unlikely

low

Low

P3

L3

Automated Detection

Tool

Version

Checker

Description

Fortify SCA

V. 5.0

 

Can detect violations of this rule with CERT C Rule Pack, except cases involving signed char.

EDG

 

 

Astrée
Include Page
Astrée_V
Astrée_V

Supported indirectly via MISRA C:2004 rule 6.1.
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-STR04
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.TYPE.IAT
LANG.TYPE.ICA
LANG.TYPE.IOT
LANG.TYPE.MOT		Inappropriate assignment type
Inappropriate character arithmetic
Inappropriate operand type
Mismatched operand types
 
Compass/ROSE
 




ECLAIR
 
Include Page

 

ECLAIR Include PageECLAIR_VECLAIR_V

charsgnd

Fully implemented.

ECLAIR_V
ECLAIR_V

CC2.STR04

Fully implemented

EDG




Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0432, C0674, C0699
LDRA tool suite
Include Page
LDRA_V
LDRA_V
93 S, 101 S, 329 S, 432 S, 458 SPartially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-STR04-a

The plain char type shall be used only for the storage and use of character values

RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

Supported indirectly via MISRA C:2004 rule 6.1.
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S810

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++

...

Coding Standard

...

VOID STR04-CPP. Use plain char for characters in the basic character set

ISO/IEC 9899:2011 Section 6.2.5, "Types"

MISRA Rule 6.1, "The plain char type shall be used only for the storage and use of character values"

...

MISRA C:2012

Rule 10.1 (required)
Rule 10.2 (required)
Rule 10.3 (required)
Rule 10.4 (required)


...

Image Modified Image Modified Image Modified