SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 71

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Win32 SDK headers make use of type definitions for most of the types involved in Win32 APIs, but the following this noncompliant solution code example demonstrates a const-correctness bug:

...

Note that many structures in the Win32 API are declared with pointer type definitions but not pointer-to-const  type type definitions (LPPOINT, LPSIZE, and others). In these cases, it is suggested that you create your own type definition from the base structure type.

Code Block
bgColor#FFcccc
langc
#include <Windows.h>
/*
  typedef struct tagPOINT {
    long x, y;
  } POINT, *LPPOINT;
*/
 
void func(const LPPOINT pt) {
  /* Can modify pt's contents, against expectations */
}

Compliant

...

Solution (Windows)

Code Block
bgColor#ccccff
langc
#include <Windows.h>
/*
  typedef struct tagPOINT {
    long x, y;
  } POINT, *LPPOINT;
*/
 
typedef const POINT *LPCPOINT;
void func(LPCPOINT pt) {
  /* Cannot modify pt's contents */
}

...

Function pointer types are an exception to this recommendation. 
Noncompliant Code Example
The following In this noncompliant code example, the declaration of the signal() function is difficult to read and comprehend:
...
 Code Block
bgColor#ccccff
langc
typedef void SighandlerType(int signum);
extern SighandlerType *signal(
  int signum,
  SighandlerType *handler
);

Exceptions
Function pointer types are an exception to this recommendation. 
Risk Assessment
Code readability is important for discovering and eliminating vulnerabilities.
Recommendation
Severity
Likelihood
Remediation Cost
Priority
Level
DCL05-C
Low
Unlikely
Medium
P2
L3
Automated Detection
Tool
Version
Checker
Description
Astrée
 Include Page
Astrée_V
Astrée_V
pointer-typedefFully checked
Axivion Bauhaus Suite
 Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V
CertC-DCL05
CodeSonar
 Include Page
CodeSonar_V
CodeSonar_V
LANG.STRUCT.PITPointer type inside typedef
Compass/ROSE
 
 



Helix QAC
 Include Page
Helix QAC_V
Helix QAC_V
C5004
 

LDRA tool suite
 Include Page
LDRA_V
LDRA_V
299 S

381 S

Partially implemented
Parasoft C/C++test
 Include Page
Parasoft_V
Parasoft_V
CERT_C-DCL05-a
Declare a type of parameter as typedef to pointer to const if the pointer is not used to modify the addressed object
RuleChecker
 Include Page
RuleChecker_V
RuleChecker_V
pointer-typedef
Fully checked
Fully implemented
PRQA QA-C Include PagePRQA_VPRQA_VSecondary analysisFully implemented
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C Secure Coding StandardDCL12-C. Implement abstract data types using opaque types
SEI CERT C++ 
 Secure 
 Coding StandardVOID DCL05-CPP. Use typedefs to improve code readability
...

...
Image Modified Image Modified Image Modified