...
The Win32 SDK headers make use of type definitions for most of the types involved in Win32 APIs, but this noncompliant code example demonstrates a const-correctness bug:
...
Note that many structures in the Win32 API are declared with pointer type definitions but not pointer-to-const type definitions (LPPOINT, LPSIZE, and others). In these cases, it is suggested that you create your own type definition from the base structure type.
```c
#include <Windows.h>

/* typedef struct tagPOINT {
    long x, y;
} POINT, *LPPOINT; */

void func(const LPPOINT pt) {
  /* Can modify pt's contents, against expectations */
}
```
Compliant
...
Solution (Windows)
```c
#include <Windows.h>

/* typedef struct tagPOINT {
    long x, y;
} POINT, *LPPOINT; */

typedef const POINT *LPCPOINT;

void func(LPCPOINT pt) {
  /* Cannot modify pt's contents */
}
```
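The difference between the two Windows snippets can be checked without the SDK. This is an added example, not code from the guideline: `POINT` and `LPPOINT` are local stand-ins copied from the commented declaration above, and the macro and function names are hypothetical.

```c
#include <stdio.h>

/* Stand-ins for the Win32 declarations quoted above, so this builds
   without <Windows.h> (assumption: same shape as the SDK typedefs). */
typedef struct tagPOINT { long x, y; } POINT, *LPPOINT;
typedef const POINT *LPCPOINT;   /* the compliant typedef */

/* 1 if the object can be written through p, 0 if the pointee is const.
   (p) + 0 drops the qualifier on the pointer itself, leaving only the
   pointee's qualification for _Generic to match on. */
#define POINTEE_WRITABLE(p) \
  _Generic((p) + 0, POINT *: 1, const POINT *: 0)

/* Noncompliant form: the parameter type is POINT *const, so const
   protects the pointer variable, not the POINT it addresses. */
long shift_noncompliant(const LPPOINT pt) {
  pt->x += 100;                  /* accepted by the compiler */
  return pt->x;
}

/* Compliant form: the parameter type is const POINT *. */
long read_compliant(LPCPOINT pt) {
  /* pt->x += 100;  would be rejected: pointee is read-only */
  return pt->x;
}

int noncompliant_pointee_writable(void) {
  const LPPOINT p = 0;           /* never dereferenced */
  return POINTEE_WRITABLE(p);
}

int compliant_pointee_writable(void) {
  LPCPOINT p = 0;                /* never dereferenced */
  return POINTEE_WRITABLE(p);
}

int main(void) {
  POINT pt = { 1, 2 };           /* constructed sample value */
  printf("after const LPPOINT call: x = %ld\n", shift_noncompliant(&pt));
  printf("after LPCPOINT call:      x = %ld\n", read_compliant(&pt));
  printf("const LPPOINT pointee writable: %d\n", noncompliant_pointee_writable());
  printf("LPCPOINT pointee writable:      %d\n", compliant_pointee_writable());
  return 0;
}
```

Uncommenting the assignment in `read_compliant` turns the silent modification into a compile-time error, which is the effect the pointer-to-const typedef is meant to give.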
Exceptions
...
Noncompliant Code Example
In this noncompliant code example, the declaration of the signal() function is difficult to read and comprehend:
...
```c
typedef void SighandlerType(int signum);
extern SighandlerType *signal(
  int signum,
  SighandlerType *handler
);
```
Exceptions
Function pointer types are an exception to this recommendation.
Risk Assessment
Code readability is important for discovering and eliminating vulnerabilities.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL05-C | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | pointer-typedef | Fully checked |
Axivion Bauhaus Suite | | CertC-DCL05 | |
CodeSonar | | LANG.STRUCT.PIT | Pointer type inside typedef |
Compass/ROSE | | | |
Helix QAC | | C5004 | |
LDRA tool suite | | 299 S, 381 S | Partially implemented |
Parasoft C/C++test | | CERT_C-DCL05-a | Declare a type of parameter as typedef to pointer to const if the pointer is not used to modify the addressed object |
RuleChecker | | pointer-typedef | Fully checked |
Fully implemented
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
...