Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tip

The table below can be re-ordered, by clicking column headers.

...

Include Page
c:CodeSonar_Vc:
CodeSonar_V

Checker

Guideline

(customization) FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
(customization) ERR34-C. Detect errors when converting a string to a number
(customization) POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
(customization) DCL03-C. Use a static assertion to test the value of a constant expression
(customization) FIO06-C. Create files with appropriate access permissions
(customization) FIO08-C. Take care when calling remove() on an open file
(customization) FIO10-C. Take care when using the rename() function
(customization) FIO13-C. Never push back anything other than one read character
(customization) FIO24-C. Do not open a file that is already open
(customization) MEM03-C. Clear sensitive information stored in reusable resources
(customization) MEM04-C. Beware of zero-length allocations
(customization) MSC24-C. Do not use deprecated or obsolescent functions
(customization) STR06-C. Do not assume that strtok() leaves the parse string unchanged
(customization) WIN01-C. Do not forcibly terminate execution
(general) FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful
(general) ENV01-C. Do not make assumptions about the size of an environment variable
(general) INT04-C. Enforce limits on integer values originating from tainted sources
(general) MEM11-C. Do not assume infinite heap space
ALLOC.DF MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
ALLOC.DF MEM01-C. Store a new value in pointers immediately after free()
ALLOC.FNH MEM34-C. Only free memory allocated dynamically ALLOC.LEAK MEM31-C. Free dynamically allocated memory when no longer needed
ALLOC.LEAK FIO42-C. Close files when they are no longer needed
ALLOC.LEAK CON30-C. Clean up thread-specific storage
ALLOC.LEAK MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
ALLOC.LEAK MEM11-C. Do not assume infinite heap space
ALLOC.SIZE.ADDOFLOW INT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.ADDOFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.ADDOFLOW MEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.ADDOFLOW INT08-C. Verify that all integer values are in range
ALLOC.SIZE.ADDOFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.IOFLOW INT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.IOFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.IOFLOW ARR32-C. Ensure size arguments for variable length arrays are in a valid range
ALLOC.SIZE.IOFLOW MEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.IOFLOW INT08-C. Verify that all integer values are in range
ALLOC.SIZE.IOFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.MULOFLOW INT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.MULOFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.MULOFLOW ARR32-C. Ensure size arguments for variable length arrays are in a valid range
ALLOC.SIZE.MULOFLOW MEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.MULOFLOW INT08-C. Verify that all integer values are in range
ALLOC.SIZE.MULOFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.MULOFLOW MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap
ALLOC.SIZE.SUBUFLOW INT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.SUBUFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.SUBUFLOW MEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.SUBUFLOW INT08-C. Verify that all integer values are in range
ALLOC.SIZE.SUBUFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.TRUNC INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
ALLOC.SIZE.TRUNC MEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.TRUNC INT02-C. Understand integer conversion rules
ALLOC.SIZE.TRUNC INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.TM WIN30 MEM34-C. Only free memory allocated dynamically
ALLOC.TM WIN30-C. Properly pair allocation and Properly pair allocation and deallocation functions
ALLOC.TM API07-C. Enforce type safety
ALLOC.UAF MEM30-C. Do not access freed memory
ALLOC.UAF MEM01-C. Store a new value in pointers immediately after free()
BADFUNC.* MSC24-C. Do not use deprecated or obsolescent functions
BADFUNC.ABORT ENV32-C. All exit handlers must return normally
BADFUNC.ABORT_HANDLER_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.ATOF ERR34-C. Detect errors when converting a string to a number
BADFUNC.ATOI ERR34-C. Detect errors when converting a string to a number
BADFUNC.ATOL ERR34-C. Detect errors when converting a string to a number
BADFUNC.ATOLL ERR34-C. Detect errors when converting a string to a number
BADFUNC.ATOLL MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.BO.* ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
BADFUNC.BO.* ARR38-C. Guarantee that library functions do not form invalid pointers
BADFUNC.BO.* ARR39-C. Do not add or subtract a scaled integer to a pointer
BADFUNC.BO.* STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
BADFUNC.BO.* API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
BADFUNC.BO.OEMTOCHAR STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCAT STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCATCHAINW STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCHR STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCMP STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCOLL STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCPY STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCSPN STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRLEN STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRPBRK STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRRCHR STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRSPN STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRSTR STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRTOK STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRTRNS STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BSEARCH_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.CHROOT POS05-C. Limit access to files by creating a jail
BADFUNC.CONSTRAINT_HANDLER_T MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.CREATEPROCESS WIN02-C. Restrict privileges when spawning child processes
BADFUNC.CREATETHREAD WIN02-C. Restrict privileges when spawning child processes
BADFUNC.LONGJMP EXIT MSC22 ENV32-C. Use the setjmp(), longjmp() facility securely All exit handlers must return normally
BADFUNC.MEMSET FENV_H MSC06 MSC23-C. Beware of compiler optimizations vendor-specific library and language differences
BADFUNC.PATH.* FIO02-C. Canonicalize path names originating from tainted sources
BADFUNC.PATH.AFXLOADLIBRARY WIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.COLOADLIBRARY WIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.LOADLIBRARY WIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.SYSTEM ENV33-C. Do not call system()
BADFUNC.RANDOM.RAND CON33-C. Avoid race conditions when using library functions
BADFUNC.RANDOM.RAND MSC30-C. Do not use the rand() function for generating pseudorandom numbers
FOPEN_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.FORK POS38-C. Beware of race conditions when using fork and file descriptors
BADFUNC.FREOPEN_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.GETENV ENV30-C. Do not modify the object referenced by the return value of certain functions
BADFUNC.GMTIME_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.IGNORE_HANDLER_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.LOCALTIME_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.LONGJMP ENV32-C. All exit handlers must return normally
BADFUNC.LONGJMP BADFUNC.SETJMP MSC22-C. Use the setjmp(), longjmp() facility securely
BADFUNC.SIGNAL MEMCMP SIG34 EXP42-C. Do not call signal() from within interruptible signal handlers compare padding data
BADFUNC.SIGNAL MEMSET CON37 MSC06-C. Do not call signal() in a multithreaded program Beware of compiler optimizations
BADFUNC.SIGNAL MEMSET_S SIG00 MSC23-C. Mask signals handled by noninterruptible signal handlers
BADFUNC.SIGNAL SIG01-C. Understand implementation-specific details regarding signal handler persistence
BADFUNC.SIGNAL SIG02-C. Avoid using signals to implement normal functionality
BADFUNC.TEMP.* FIO01-C. Be careful using functions that use file names for identification
BADFUNC.TEMP.* FIO21-C. Do not create temporary files in shared directories
BADFUNC.TEMP.TMPNAM CON33-C. Avoid race conditions when using library functions
BADFUNC.TTYNAME CON33-C. Avoid race conditions when using library functions
BADMACRO.STDARG_H EXP47-C. Do not call va_arg with an argument of the incorrect type
BUILD.WALL MSC00-C. Compile cleanly at high warning levels
BUILD.WERROR MSC00-C. Compile cleanly at high warning levels
CONCURRENCY.DATARACE SIG31-C. Do not access shared objects in signal handlers
CONCURRENCY.DATARACE CON32-C. Prevent data races when accessing bit-fields from multiple threads
CONCURRENCY.DATARACE CON43-C. Do not allow data races in multithreaded code
CONCURRENCY.DATARACE POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
CONCURRENCY.LOCK.NOLOCK CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
CONCURRENCY.LOCK.NOUNLOCK CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
CONCURRENCY.LOCK.ORDER CON35-C. Avoid deadlock by locking in a predefined order
CONCURRENCY.LOCK.ORDER POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
CONCURRENCY.STARVE.BLOCKING POS52-C. Do not perform operations that can block while holding a POSIX lock
CONCURRENCY.STARVE.BLOCKING CON05-C. Do not perform operations that can block while holding a lock
DIAG.UNEX.* MSC07-C. Detect and remove dead code
DIAG.UNEX.* MSC12-C. Detect and remove code that has no effect or is never executed
HARDCODED.AUTH MSC41-C. Never hard code sensitive information
HARDCODED.AUTH MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
HARDCODED.DNS MSC41-C. Never hard code sensitive information
HARDCODED.KEY MSC41-C. Never hard code sensitive information
HARDCODED.KEY MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
HARDCODED.SALT MSC41-C. Never hard code sensitive information
HARDCODED.SALT MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
IO.INJ.COMMAND ENV33-C. Do not call system()
IO.INJ.COMMAND STR02-C. Sanitize data passed to complex subsystems
IO.INJ.FMT FIO30-C. Exclude user input from format strings
IO.INJ.FMT FIO47-C. Use valid format strings
IO.INJ.FMT STR02-C. Sanitize data passed to complex subsystems
IO.INJ.LDAP STR02-C. Sanitize data passed to complex subsystems
IO.INJ.LIB STR02-C. Sanitize data passed to complex subsystems
IO.INJ.SQL STR02-C. Sanitize data passed to complex subsystems
IO.RACE FIO45-C. Avoid TOCTOU race conditions while accessing files
IO.RACE FIO01-C. Be careful using functions that use file names for identification
IO.RACE FIO24-C. Do not open a file that is already open
IO.TAINT.ADDR INT04-C. Enforce limits on integer values originating from tainted sources
IO.TAINT.FNAME FIO01-C. Be careful using functions that use file names for identification
IO.TAINT.FNAME FIO02-C. Canonicalize path names originating from tainted sources
Beware of vendor-specific library and language differences
BADFUNC.PATH.* FIO02-C. Canonicalize path names originating from tainted sources
BADFUNC.PATH.AFXLOADLIBRARY WIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.COLOADLIBRARY WIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.LOADLIBRARY WIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.SYSTEM ENV33-C. Do not call system()
BADFUNC.PUTENV POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
BADFUNC.RANDOM.RAND CON33-C. Avoid race conditions when using library functions
BADFUNC.RANDOM.RAND MSC30-C. Do not use the rand() function for generating pseudorandom numbers
BADFUNC.REALLOC MEM36-C. Do not modify the alignment of objects by calling realloc()
BADFUNC.SET_CONSTRAINT_HANDLER_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.SETJMP MSC22-C. Use the setjmp(), longjmp() facility securely
BADFUNC.SIGNAL SIG30-C. Call only asynchronous-safe functions within signal handlers
BADFUNC.SIGNAL SIG34-C. Do not call signal() from within interruptible signal handlers
BADFUNC.SIGNAL CON37-C. Do not call signal() in a multithreaded program
BADFUNC.SIGNAL SIG00-C. Mask signals handled by noninterruptible signal handlers
BADFUNC.SIGNAL SIG01-C. Understand implementation-specific details regarding signal handler persistence
BADFUNC.SIGNAL SIG02-C. Avoid using signals to implement normal functionality
BADFUNC.SNWPRINTF_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.STRERRORLEN_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.STRTOK_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.TEMP.* FIO01-C. Be careful using functions that use file names for identification
BADFUNC.TEMP.* FIO21-C. Do not create temporary files in shared directories
BADFUNC.TEMP.TMPNAM CON33-C. Avoid race conditions when using library functions
BADFUNC.TIME_H MSC33-C. Do not pass invalid data to the asctime() function
BADFUNC.TMPFILE_S FIO01-C. Be careful using functions that use file names for identification
BADFUNC.TMPFILE_S FIO21-C. Do not create temporary files in shared directories
BADFUNC.TMPNAM_S FIO01-C. Be careful using functions that use file names for identification
BADFUNC.TMPNAM_S FIO21-C. Do not create temporary files in shared directories
BADFUNC.TTYNAME CON33-C. Avoid race conditions when using library functions
BADFUNC.VFSCANF_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.VFWSCANF_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.VSCANF_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.VSNWPRINTF_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.VSSCANF_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.VSWSCANF_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.VWSCANF_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.WCSTOK_S MSC23-C. Beware of vendor-specific library and language differences
BADFUNC.WEAKCRYPTO MSC25-C. Do not use insecure or weak cryptographic algorithms
BADMACRO.STDARG_H EXP47-C. Do not call va_arg with an argument of the incorrect type
BADMACRO.STDARG_H MSC38-C. Do not treat a predefined identifier as an object if it might only be implemented as a macro
BADMACRO.STDARG_H MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value
BADMACRO.WEAK_CRYPTO MSC25-C. Do not use insecure or weak cryptographic algorithms
BUILD.WALL MSC00-C. Compile cleanly at high warning levels
BUILD.WERROR MSC00-C. Compile cleanly at high warning levels
CONCURRENCY.BADFUNC.CNDSIGNAL CON38-C. Preserve thread safety and liveness when using condition variables
CONCURRENCY.BADFUNC.CNDWAIT CON36-C. Wrap functions that can spuriously wake up in a loop
CONCURRENCY.BADFUNC.PTHREAD_KILL POS44-C. Do not use signals to terminate threads
CONCURRENCY.C_ATOMIC MSC23-C. Beware of vendor-specific library and language differences
CONCURRENCY.C_THREAD.ISD CON34-C. Declare objects shared between threads with appropriate storage durations
CONCURRENCY.DATARACE SIG31-C. Do not access shared objects in signal handlers
CONCURRENCY.DATARACE CON32-C. Prevent data races when accessing bit-fields from multiple threads
CONCURRENCY.DATARACE CON43-C. Do not allow data races in multithreaded code
CONCURRENCY.DATARACE POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
CONCURRENCY.DATARACE CON07-C. Ensure that compound operations on shared variables are atomic
CONCURRENCY.DU POS48-C. Do not unlock or destroy another POSIX thread's mutex
CONCURRENCY.LOCALARG CON31-C. Do not destroy a mutex while it is locked
CONCURRENCY.LOCALARG CON34-C. Declare objects shared between threads with appropriate storage durations
CONCURRENCY.LOCK.NOLOCK CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
CONCURRENCY.LOCK.NOUNLOCK CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
CONCURRENCY.LOCK.ORDER CON35-C. Avoid deadlock by locking in a predefined order
CONCURRENCY.LOCK.ORDER POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
CONCURRENCY.MAA CON32-C. Prevent data races when accessing bit-fields from multiple threads
CONCURRENCY.MAA CON40-C. Do not refer to an atomic variable twice in an expression
CONCURRENCY.MAA CON43-C. Do not allow data races in multithreaded code
CONCURRENCY.MAA POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
CONCURRENCY.STARVE.BLOCKING POS52-C. Do not perform operations that can block while holding a POSIX lock
CONCURRENCY.STARVE.BLOCKING CON05-C. Do not perform operations that can block while holding a lock
CONCURRENCY.THREADLOCAL MSC23-C. Beware of vendor-specific library and language differences
CONCURRENCY.TNJ CON39-C. Do not join or detach a thread that was previously joined or detached
DIAG.UNEX.* MSC07-C. Detect and remove dead code
DIAG.UNEX.* MSC12-C. Detect and remove code that has no effect or is never executed
HARDCODED.AUTH MSC41-C. Never hard code sensitive information
HARDCODED.AUTH MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
HARDCODED.DNS MSC41-C. Never hard code sensitive information
HARDCODED.KEY MSC41-C. Never hard code sensitive information
HARDCODED.KEY MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
HARDCODED.SALT MSC41-C. Never hard code sensitive information
HARDCODED.SALT MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
HARDCODED.SEED MSC32-C. Properly seed pseudorandom number generators
HARDCODED.SEED MSC41-C. Never hard code sensitive information
IO.BRAW FIO24-C. Do not open a file that is already open
IO.INJ.COMMAND ENV33-C. Do not call system()
IO.INJ.COMMAND STR02-C. Sanitize data passed to complex subsystems
IO.INJ.FMT FIO30-C. Exclude user input from format strings
IO.INJ.FMT FIO47-C. Use valid format strings
IO.INJ.FMT STR02-C. Sanitize data passed to complex subsystems
IO.INJ.LDAP STR02-C. Sanitize data passed to complex subsystems
IO.INJ.LIB STR02-C. Sanitize data passed to complex subsystems
IO.INJ.SQL STR02-C. Sanitize data passed to complex subsystems
IO.IOWOP FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
IO.OIWOP FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
IO.RACE FIO45-C. Avoid TOCTOU race conditions while accessing files
IO.RACE FIO01-C. Be careful using functions that use file names for identification
IO.RACE FIO24-C. Do not open a file that is already open
IO.TAINT.ADDR INT04-C. Enforce limits on integer values originating from tainted sources
IO.TAINT.FNAME FIO01-C. Be careful using functions that use file names for identification
IO.TAINT.FNAME FIO02-C. Canonicalize path names originating from tainted sources
IO.TAINT.SIZE MEM35-C. Allocate sufficient memory for an object
IO.TAINT.SIZE INT04-C. Enforce limits on integer values originating from tainted sources
IO.TAINT.SIZE MEM05-C. Avoid large stack allocations
IO.TAINT.SIZE MEM11-C. Do not assume infinite heap space
IO.UAC FIO46-C. Do not access a closed file
IO.UT.HOST INT04-C. Enforce limits on integer values originating from tainted sources
IO.UT.LIB STR02-C. Sanitize data passed to complex subsystems
IO.UT.PORT INT04-C. Enforce limits on integer values originating from tainted sources
IO.UT.PROC STR02-C. Sanitize data passed to complex subsystems
LANG.ARITH.BIGSHIFT INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
LANG.ARITH.BIGSHIFT INT35-C. Use correct integer precisions
LANG.ARITH.DIVZERO INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
LANG.ARITH.FDIVZERO INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
LANG.ARITH.NEGSHIFT INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
LANG.CAST.ARRAY.TEMP EXP35-C. Do not modify objects with temporary lifetime
LANG.CAST.ARRAY.TEMP ARR00-C. Understand how arrays work
LANG.CAST.COERCE INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.COERCE FIO34-C. Distinguish between characters read from a file and EOF or WEOF
LANG.CAST.COERCE API07-C. Enforce type safety
LANG.CAST.COERCE INT02-C. Understand integer conversion rules
LANG.CAST.COERCE INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.CAST.PC.AV INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.PC.CONST2PTR INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.PC.CONST2PTR INT36-C. Converting a pointer to integer or integer to pointer
LANG.CAST.PC.CRCQ DCL00-C. Const-qualify immutable objects
LANG.CAST.PC.CRCQ EXP05-C. Do not cast away a const qualification
LANG.CAST.PC.INT INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.PC.INT INT36-C. Converting a pointer to integer or integer to pointer
LANG.CAST.PC.OBJ EXP36-C. Do not cast pointers into more strictly aligned pointer types
LANG.CAST.RIP EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int
LANG.CAST.VALUE INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.VALUE API07-C. Enforce type safety
LANG.CAST.VALUE INT02-C. Understand integer conversion rules
LANG.CAST.VALUE INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.ERRCODE.NOTEST ERR33-C. Detect and handle standard library errors
LANG.ERRCODE.NOTEST POS54-C. Detect and handle POSIX library errors
LANG.ERRCODE.NZ ERR33-C. Detect and handle standard library errors
LANG.ERRCODE.NZ POS54-C. Detect and handle POSIX library errors
LANG.FUNCS.APM EXP37-C. Call functions with the correct number and type of arguments
LANG.FUNCS.ASSERTS MSC11-C. Incorporate diagnostic tests using assertions
LANG.FUNCS.IRV ERR33-C. Detect and handle standard library errors
LANG.FUNCS.IRV POS54-C. Detect and handle POSIX library errors
LANG.FUNCS.IRV EXP12-C. Do not ignore values returned by functions
LANG.FUNCS.NORETURN MSC23-C. Beware of vendor-specific library and language differences
LANG.FUNCS.PROT DCL07-C. Include the appropriate type information in function declarators
LANG.FUNCS.PROT DCL20-C. Explicitly specify void when a function accepts no arguments
LANG.ID.AMBIG DCL02-C. Use visually distinct identifiers
LANG.ID.ND.EXT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.MM DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.MO DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.NEST DCL01-C. Do not reuse variable names in subscopes
LANG.ID.ND.NEST DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.SS DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.EXT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.INT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.LIBFN DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.TAG DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.TYPE DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.MEM.BO ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.BO ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
LANG.MEM.BO ARR38-C. Guarantee that library functions do not form invalid pointers
LANG.MEM.BO ARR39-C. Do not add or subtract a scaled integer to a pointer
LANG.MEM.BO STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
LANG.MEM.BO STR38-C. Do not confuse narrow and wide character strings and functions
LANG.MEM.BO IO.TAINT.SIZE MEM35-C. Allocate sufficient memory for an object
IO.TAINT.SIZE INT04-C. Enforce limits on integer values originating from tainted sources
IO.TAINT.SIZE MEM05-C. Avoid large stack allocations
IO.TAINT.SIZE MEM11-C. Do not assume infinite heap space
IO.UAC FIO46-C. Do not access a closed file
IO.UT.HOST INT04-C. Enforce limits on integer values originating from tainted sources
IO.UT.LIB STR02-C. Sanitize data passed to complex subsystems
IO.UT.PORT INT04-C. Enforce limits on integer values originating from tainted sources
IO.UT.PROC STR02-C. Sanitize data passed to complex subsystems
LANG.ARITH.BIGSHIFT INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
LANG.ARITH.DIVZERO INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
LANG.ARITH.FDIVZERO INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
LANG.ARITH.NEGSHIFT INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
LANG.CAST.COERCE INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.COERCE FIO34-C. Distinguish between characters read from a file and EOF or WEOF
LANG.CAST.COERCE API07-C. Enforce type safety
LANG.CAST.COERCE INT02-C. Understand integer conversion rules
LANG.CAST.COERCE INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.CAST.PC.AV INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.PC.CONST2PTR INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.PC.CONST2PTR INT36-C. Converting a pointer to integer or integer to pointer
LANG.CAST.PC.CRCQ DCL00-C. Const-qualify immutable objects
LANG.CAST.PC.CRCQ EXP05-C. Do not cast away a const qualification
LANG.CAST.PC.INT INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.PC.INT INT36-C. Converting a pointer to integer or integer to pointer
LANG.CAST.RIP EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int
LANG.CAST.VALUE INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.VALUE API07-C. Enforce type safety
LANG.CAST.VALUE INT02-C. Understand integer conversion rules
LANG.CAST.VALUE INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.FUNCS.APM EXP37-C. Call functions with the correct number and type of arguments
LANG.FUNCS.ASSERTS MSC11-C. Incorporate diagnostic tests using assertions
LANG.FUNCS.IRV ERR33-C. Detect and handle standard library errors
LANG.FUNCS.IRV POS54-C. Detect and handle POSIX library errors
LANG.FUNCS.IRV EXP12-C. Do not ignore values returned by functions
LANG.FUNCS.PROT DCL07-C. Include the appropriate type information in function declarators
LANG.FUNCS.PROT DCL20-C. Explicitly specify void when a function accepts no arguments
LANG.ID.AMBIG DCL02-C. Use visually distinct identifiers
LANG.ID.ND.EXT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.MM DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.MO DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.NEST DCL01-C. Do not reuse variable names in subscopes
LANG.ID.ND.NEST DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.SS DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.EXT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.INT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.LIBFN DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.TAG DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.TYPE DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.MEM.BO ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.BO ARR38-C. Guarantee that library functions do not form invalid pointers
LANG.MEM.BO STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
LANG.MEM.BO ENV01-C. Do not make assumptions about the size of an environment variable
LANG.MEM.BO EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.BU ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.BU ARR38-C. Guarantee that library functions do not form invalid pointers
LANG.MEM.BU EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.NPD EXP34-C. Do not dereference null pointers
LANG.MEM.TBA INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.MEM.TBA ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TBA EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.TBA INT04-C. Enforce limits on integer values originating from tainted sources
LANG.MEM.TO ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TO STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
LANG.MEM.TO ENV01-C. Do not make assumptions about the size of an environment variable
LANG.MEM.TO EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.TU ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TU EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.UVAR EXP33-C. Do not read uninitialized memory
LANG.PREPROC.FUNCMACRO PRE00-C. Prefer inline or static functions to function-like macros
LANG.PREPROC.HASH PRE05-C. Understand macro replacement when concatenating tokens or performing stringification
LANG.PREPROC.MACROARG PRE32-C. Do not use preprocessor directives in invocations of function-like macros
LANG.PREPROC.MACROEND PRE02-C. Macro replacement lists should be parenthesized
LANG.PREPROC.MACROEND PRE11-C. Do not conclude macro definitions with a semicolon
LANG.PREPROC.MACROSTART PRE02-C. Macro replacement lists should be parenthesized
LANG.PREPROC.PASTE PRE30-C. Do not create a universal character name through concatenation
LANG.PREPROC.PASTE PRE05-C. Understand macro replacement when concatenating tokens or performing stringification
LANG.PREPROC.PASTEHASH PRE30-C. Do not create a universal character name through concatenation
LANG.STRUCT.CONDASSIG EXP45-C. Do not perform assignments in selection statements
LANG.STRUCT.DECL.FAM ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer
LANG.STRUCT.DECL.IF DCL40-C. Do not create incompatible declarations of the same function or object
LANG.STRUCT.DECL.IO DCL40-C. Do not create incompatible declarations of the same function or object
LANG.STRUCT.DECL.MGT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.STRUCT.DECL.ML DCL04-C. Do not declare more than one variable per declaration
LANG.STRUCT.DECL.RESERVED DCL37-C. Do not declare or define a reserved identifier
LANG.STRUCT.EBS EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement
LANG.STRUCT.EBS MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.ELLIPSIS DCL11-C. Understand the type issues associated with variadic functions
LANG.STRUCT.INIT.ENUM INT09-C. Ensure enumeration constants map to unique values
LANG.STRUCT.LOOP.FPC FLP30-C. Do not use floating-point variables as loop counters
LANG.STRUCT.LOOP.HR MSC21-C. Use robust loop termination conditions
LANG.STRUCT.LOOP.UB MSC21-C. Use robust loop termination conditions
LANG.STRUCT.MRS MSC37-C. Ensure that control never reaches the end of a non-void function
LANG.STRUCT.NTAD EXP34-C. Do not dereference null pointers
LANG.STRUCT.PARENS EXP00-C. Use parentheses for precedence of operation
LANG.STRUCT.PARITH EXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.PBB ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.STRUCT.PBB EXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.PIT DCL05-C. Use typedefs of non-pointer types only
LANG.STRUCT.PPE ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.STRUCT.PPE EXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.RC MSC07-C. Detect and remove dead code
LANG.STRUCT.RC MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.RPL DCL30-C. Declare objects with appropriate storage durations
LANG.STRUCT.SCOPE.FILE DCL15-C. Declare file-scope objects or functions that do not need external linkage as static
LANG.STRUCT.SCOPE.FILE DCL19-C. Minimize the scope of variables and functions
LANG.STRUCT.SCOPE.LOCAL DCL19-C. Minimize the scope of variables and functions
LANG.MEM.BO POS30-C. Use the readlink() function properly
LANG.MEM.BO ENV01-C. Do not make assumptions about the size of an environment variable
LANG.MEM.BO EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.BU ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.BU ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
LANG.MEM.BU ARR38-C. Guarantee that library functions do not form invalid pointers
LANG.MEM.BU ARR39-C. Do not add or subtract a scaled integer to a pointer
LANG.MEM.BU MEM35-C. Allocate sufficient memory for an object
LANG.MEM.BU EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.NPD EXP34-C. Do not dereference null pointers
LANG.MEM.TBA INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.MEM.TBA ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TBA ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
LANG.MEM.TBA ARR39-C. Do not add or subtract a scaled integer to a pointer
LANG.MEM.TBA STR38-C. Do not confuse narrow and wide character strings and functions
LANG.MEM.TBA MEM35-C. Allocate sufficient memory for an object
LANG.MEM.TBA POS30-C. Use the readlink() function properly
LANG.MEM.TBA EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.TBA INT04-C. Enforce limits on integer values originating from tainted sources
LANG.MEM.TO ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TO ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
LANG.MEM.TO ARR39-C. Do not add or subtract a scaled integer to a pointer
LANG.MEM.TO STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
LANG.MEM.TO MEM35-C. Allocate sufficient memory for an object
LANG.MEM.TO ENV01-C. Do not make assumptions about the size of an environment variable
LANG.MEM.TO EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.TU ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TU ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
LANG.MEM.TU ARR39-C. Do not add or subtract a scaled integer to a pointer
LANG.MEM.TU MEM35-C. Allocate sufficient memory for an object
LANG.MEM.TU EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.UVAR EXP33-C. Do not read uninitialized memory
LANG.MEM.UVAR FIO40-C. Reset strings on fgets() or fgetws() failure
LANG.PREPROC.FUNCMACRO PRE31-C. Avoid side effects in arguments to unsafe macros
LANG.PREPROC.FUNCMACRO PRE00-C. Prefer inline or static functions to function-like macros
LANG.PREPROC.HASH PRE05-C. Understand macro replacement when concatenating tokens or performing stringification
LANG.PREPROC.INCL.TGMATH_H MSC23-C. Beware of vendor-specific library and language differences
LANG.PREPROC.MACROARG PRE32-C. Do not use preprocessor directives in invocations of function-like macros
LANG.PREPROC.MACROEND PRE02-C. Macro replacement lists should be parenthesized
LANG.PREPROC.MACROEND PRE11-C. Do not conclude macro definitions with a semicolon
LANG.PREPROC.MACROSTART PRE02-C. Macro replacement lists should be parenthesized
LANG.PREPROC.PASTE PRE30-C. Do not create a universal character name through concatenation
LANG.PREPROC.PASTE PRE05-C. Understand macro replacement when concatenating tokens or performing stringification
LANG.PREPROC.PASTEHASH PRE30-C. Do not create a universal character name through concatenation
LANG.STRUCT.ALIGNAS MSC23-C. Beware of vendor-specific library and language differences
LANG.STRUCT.ALIGNAS.EZA MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.ALIGNAS.EZA MSC23-C. Beware of vendor-specific library and language differences
LANG.STRUCT.ALIGNAS.IAS MSC23-C. Beware of vendor-specific library and language differences
LANG.STRUCT.ALIGNAS.TMAS MSC23-C. Beware of vendor-specific library and language differences
LANG.STRUCT.ALIGNOF MSC23-C. Beware of vendor-specific library and language differences
LANG.STRUCT.CONDASSIG EXP45-C. Do not perform assignments in selection statements
LANG.STRUCT.CUP ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
LANG.STRUCT.CUP EXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.DECL.FAM MEM33-C. Allocate and copy structures containing a flexible array member dynamically
LANG.STRUCT.DECL.IF DCL40-C. Do not create incompatible declarations of the same function or object
LANG.STRUCT.DECL.IMPFN MSC23-C. Beware of vendor-specific library and language differences
LANG.STRUCT.DECL.IMPT DCL07-C. Include the appropriate type information in function declarators
LANG.STRUCT.DECL.IO DCL40-C. Do not create incompatible declarations of the same function or object
LANG.STRUCT.DECL.MGT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.STRUCT.DECL.ML DCL04-C. Do not declare more than one variable per declaration
LANG.STRUCT.DECL.NOEXT DCL36-C. Do not declare an identifier with conflicting linkage classifications
LANG.STRUCT.DECL.RESERVED DCL37-C. Do not declare or define a reserved identifier
LANG.STRUCT.DECL.VLA MSC23-C. Beware of vendor-specific library and language differences
LANG.STRUCT.EBS EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement
LANG.STRUCT.EBS MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.ELLIPSIS DCL11-C. Understand the type issues associated with variadic functions
LANG.STRUCT.ICOL CON36-C. Wrap functions that can spuriously wake up in a loop
LANG.STRUCT.ICOL CON41-C. Wrap functions that can fail spuriously in a loop
LANG.STRUCT.INIT.ENUM INT09-C. Ensure enumeration constants map to unique values
LANG.STRUCT.INIT.UADI MSC23-C. Beware of vendor-specific library and language differences
LANG.STRUCT.LOOP.FPC FLP30-C. Do not use floating-point variables as loop counters
LANG.STRUCT.LOOP.HR MSC21-C. Use robust loop termination conditions
LANG.STRUCT.LOOP.UB MSC21-C. Use robust loop termination conditions
LANG.STRUCT.MRS MSC37-C. Ensure that control never reaches the end of a non-void function
LANG.STRUCT.NTAD EXP34-C. Do not dereference null pointers
LANG.STRUCT.PARENS EXP00-C. Use parentheses for precedence of operation
LANG.STRUCT.PARITH ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.STRUCT.PARITH ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
LANG.STRUCT.PARITH ARR39-C. Do not add or subtract a scaled integer to a pointer
LANG.STRUCT.PARITH MEM35-C. Allocate sufficient memory for an object
LANG.STRUCT.PARITH EXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.PBB ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.STRUCT.PBB ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
LANG.STRUCT.PBB ARR39-C. Do not add or subtract a scaled integer to a pointer
LANG.STRUCT.PBB MEM35-C. Allocate sufficient memory for an object
LANG.STRUCT.PBB EXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.PIT DCL05-C. Use typedefs of non-pointer types only
LANG.STRUCT.PPE ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.STRUCT.PPE ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
LANG.STRUCT.PPE ARR39-C. Do not add or subtract a scaled integer to a pointer
LANG.STRUCT.PPE MEM35-C. Allocate sufficient memory for an object
LANG.STRUCT.PPE EXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.RC ERR30-C. Take care when reading errno
LANG.STRUCT.RC MSC07-C. Detect and remove dead code
LANG.STRUCT.RC MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.RFCESH SIG35-C. Do not return from a computational exception signal handler
LANG.STRUCT.RPL DCL30-C. Declare objects with appropriate storage durations
LANG.STRUCT.RPNTC ENV30-C. Do not modify the object referenced by the return value of certain functions
LANG.STRUCT.RPNTC DCL00-C. Const-qualify immutable objects
LANG.STRUCT.SCOPE.FILE DCL15-C. Declare file-scope objects or functions that do not need external linkage as static
LANG.STRUCT.SCOPE.FILE DCL19-C. Minimize the scope of variables and functions
LANG.STRUCT.SCOPE.LOCAL DCL19-C. Minimize the scope of variables and functions
LANG.STRUCT.SE.CGEN EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
LANG.STRUCT.SE.COND EXP45-C. Do not perform assignments in selection statements
LANG.STRUCT.SE.DEC PRE31-C. Avoid side effects in arguments to unsafe macros
LANG.STRUCT.SE.DEC EXP30-C. Do not depend on the order of evaluation for side effects
LANG.STRUCT.SE.INC PRE31-C. Avoid side effects in arguments to unsafe macros
LANG.STRUCT.SE.INC EXP30-C. Do not depend on the order of evaluation for side effects
LANG.STRUCT.SE.INIT EXP30-C. Do not depend on the order of evaluation for side effects
LANG.STRUCT.SE.IOE EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place LANG.STRUCT.SE.COND EXP45-C. Do not perform assignments in selection statements
LANG.STRUCT.SE.SIZEOF EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
LANG.STRUCT.SUP ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
LANG.STRUCT.SUP EXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.SW.BAD DCL41-C. Do not declare variables inside a switch statement before the first case label
LANG.STRUCT.SW.MB MSC17-C. Finish every set of statements associated with a case label with a break statement
LANG.STRUCT.SW.MPC MSC20-C. Do not use a switch statement to transfer control into a complex block
LANG.STRUCT.UA MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UC MSC07-C. Detect and remove dead code
LANG.STRUCT.UC MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UPD EXP34-C. Do not dereference null pointers
LANG.STRUCT.UPD API00-C. Functions should validate their parameters
LANG.STRUCT.USEASSIGN EXP45-C. Do not perform assignments in selection statements
LANG.STRUCT.UULABEL MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUMACRO MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUPARAM MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUTAG MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUTYPE MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUVAL MSC13-C. Detect and remove unused values
LANG.TYPE.AWID INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.TYPE.BASIC INT01-C. Use rsize_t or size_t for all integer values representing the size of an object
LANG.TYPE.BFSIGN INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression
LANG.TYPE.CBCONST DCL13-C. Declare function parameters that are pointers to values not changed by the function as const
LANG.TYPE.CSUF DCL16-C. Use "L," not "l," to indicate a long value
LANG.TYPE.IAT FLP34-C. Ensure that floating-point conversions are within range of the new type
LANG.TYPE.IAT FLP36-C. Preserve precision when converting integral values to floating-point type
LANG.TYPE.IAT STR04-C. Use plain char for characters in the basic character set
LANG.TYPE.ICA STR04-C. Use plain char for characters in the basic character set
LANG.TYPE.IOT EXP46-C. Do not use a bitwise operator with a Boolean-like operand
LANG.TYPE.IOT INT07-C. Use only explicitly signed or unsigned char type for numeric values
LANG.TYPE.IOT INT13-C. Use bitwise operators only on unsigned operands
LANG.TYPE.IOT STR04-C. Use plain char for characters in the basic character set
LANG.TYPE.MOT FLP06-C. Convert integers to floating point for floating-point operations
LANG.TYPE.MOT STR04-C. Use plain char for characters in the basic character set
LANG.TYPE.NCS STR05-C. Use pointers to const when referring to string literals
LANG.TYPE.OC DCL18-C. Do not begin integer constants with 0 when specifying a decimal value
LANG.TYPE.OWID INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.TYPE.RESTRICT EXP43-C. Avoid undefined behavior when using restrict-qualified pointers -qualified pointers
LANG.TYPE.SAP ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
LANG.TYPE.VCBC DCL00-C. Const-qualify immutable objects
LANG.TYPE.VCBC VMAT DCL00 MSC23-C. Const-qualify immutable objects Beware of vendor-specific library and language differences
MATH.DOMAIN FLP32-C. Prevent or detect domain and range errors in math functions
MATH.DOMAIN.ATAN FLP32-C. Prevent or detect domain and range errors in math functions
MATH.DOMAIN.FE_INVALID FLP32-C. Prevent or detect domain and range errors in math functions
MATH.DOMAIN.LOG FLP32-C. Prevent or detect domain and range errors in math functions
MATH.DOMAIN.POW FLP32-C. Prevent or detect domain and range errors in math functions
MATH.DOMAIN.SQRT FLP32-C. Prevent or detect domain and range errors in math functions
MATH.DOMAIN.TOOHIGH FLP32-C. Prevent or detect domain and range errors in math functions
MATH.DOMAIN.TOOLOW FLP32-C. Prevent or detect domain and range errors in math functions
MATH.RANGE FLP32-C. Prevent or detect domain and range errors in math functions
MATH.RANGE.COSH.TOOHIGH FLP32-C. Prevent or detect domain and range errors in math functions
MATH.RANGE.COSH.TOOLOW FLP32-C. Prevent or detect domain and range errors in math functions
MATH.RANGE.GAMMA FLP32-C. Prevent or detect domain and range errors in math functions
MATH.RANGE.GAMMA MSC23-C. Beware of vendor-specific library and language differences
MATH.RANGE.LOG FLP32-C. Prevent or detect domain and range errors in math functions
MISC.CHROOT.NOCHDIR POS05-C. Limit access to files by creating a jail
MISC.CRYPTO.TIMESEED MSC32-C. Properly seed pseudorandom number generators
MISC.FMT FIO30-C. Exclude user input from format strings
MISC.FMT FIO47-C. Use valid format strings
MISC.FMTTYPE FIO47-C. Use valid format strings
MISC.MEM.NTERM STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
MISC.MEM.NTERM STR03-C. Do not inadvertently truncate a string
MISC.MEM.NTERM.CSTRING STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string -terminated character sequence to a library function that expects a string
MISC.MEM.NTERM.CSTRING POS30-C. Use the readlink() function properly
MISC.MEM.SIZE.ADDOFLOW INT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.ADDOFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.ADDOFLOW INT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.ADDOFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.BAD INT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.BAD INT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.BAD ARR32-C. Ensure size arguments for variable length arrays are in a valid range
MISC.MEM.SIZE.BAD MEM35-C. Allocate sufficient memory for an object
MISC.MEM.SIZE.BAD INT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.BAD INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.BAD MEM05-C. Avoid large stack allocations
MISC.MEM.SIZE.BAD MEM11-C. Do not assume infinite heap space
MISC.MEM.SIZE.MULOFLOW INT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.MULOFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.MULOFLOW INT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.MULOFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.SUBUFLOW INT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.SUBUFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.SUBUFLOW INT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.SUBUFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.TRUNC INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
MISC.MEM.SIZE.TRUNC INT02-C. Understand integer conversion rules
MISC.MEM.SIZE.TRUNC INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.NEGCHAR STR34-C. Cast characters to unsigned char before converting to larger integer sizes
MISC.NEGCHAR STR37-C. Arguments to character-handling functions must be representable as an unsigned char
MISC.NEGCHAR INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs
MISC.NEGCHAR STR00-C. Represent characters using an appropriate type
MISC.NOEFFECT MSC12-C. Detect and remove code that has no effect or is never executed
MISC.PADDING.POTB DCL39-C. Avoid information leakage when passing a structure across a trust boundary
MISC.PWD.PLAIN MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
MISC.PWD.PLAINTRAN MSC18-C. Be careful while handling sensitive data, such as passwords, in program code