Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Win32 SDK headers make use of type definitions for most of the types involved in Win32 APIs, but the following this noncompliant solution code example demonstrates a const-correctness bug:

...

Note that many structures in the Win32 API are declared with pointer type definitions but not pointer-to-const  type type definitions (LPPOINT, LPSIZE, and others). In these cases, it is suggested that you create your own type definition from the base structure type.

Code Block
bgColor#FFcccc
langc
#include <Windows.h>
/*
  typedef struct tagPOINT {
    long x, y;
  } POINT, *LPPOINT;
*/
 
void func(const LPPOINT pt) {
  /* Can modify pt's contents, against expectations */
}

Compliant

...

Solution (Windows)

Code Block
bgColor#ccccff
langc
#include <Windows.h>
/*
  typedef struct tagPOINT {
    long x, y;
  } POINT, *LPPOINT;
*/
 
typedef const POINT *LPCPOINT;
void func(LPCPOINT pt) {
  /* Cannot modify pt's contents */
}

Exceptions

...

Noncompliant Code Example

The following In this noncompliant code example, the declaration of the signal() function is difficult to read and comprehend:

...

Code Block
bgColor#ccccff
langc
typedef void SighandlerType(int signum);
extern SighandlerType *signal(
  int signum,
  SighandlerType *handler
);

Exceptions

Function pointer types are an exception to this recommendation. 

Risk Assessment

Code readability is important for discovering and eliminating vulnerabilities.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

DCL05-C

Low

Unlikely

Medium

P2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
pointer-typedefFully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-DCL05
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.STRUCT.PITPointer type inside typedef
Compass/ROSE

 

 




Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5004
 

LDRA tool suite
Include Page
LDRA_V
LDRA_V

299 S


381 S


Partially implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-DCL05-a

Declare a type of parameter as typedef to pointer to const if the pointer is not used to modify the addressed object

RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
pointer-typedef
Fully checked

Fully implemented

PRQA QA-C Include PagePRQA_VPRQA_VSecondary analysisFully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

...


...

Image Modified Image Modified Image Modified