Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: corrected reference

Anchor
abnormal terminationend
abnormal terminationend

abnormal termination [Open Group 2008]
Abnormal termination occurs when requested by the abort() function or when some signals are received. See also normal termination.end [ISO/IEC/IEEE 24765:2010]
Termination of a process prior to completion.

Anchor
abnormal termination
abnormal termination
Anchor
abnormal program termination
abnormal program termination

abnormal program termination See abnormal end.

Anchor
analyzer
analyzer

analyzer
[ISO/IEC TS 17961:2013]
Mechanism that Anchoranalyzeranalyzeranalyzer
Mechanism that diagnoses coding flaws in software programs.

NOTE
Analyzers may include static analysis tools, tools within a compiler suite, or tools in other contexts.

Anchor
async-signal-safe
async-signal-safe

async-signal-safe function [ISO/IEC 9945:2008]
A function that may be invoked, without restriction, from signal-catching functions. No function (defined in ISO/IEC 9945) is async-signal-safe unless explicitly described as such. See also asynchronous-safe.

Anchor
asynchronous-safe
asynchronous-safe
Anchor
asynchronous-safe function
asynchronous-safe function
Anchor
async-signal-safe
async-signal-safe

asynchronous-safe function [GNU Pth]
A function is asynchronous-safe, or asynchronous-signal safe, if it can be called safely and without side effects from within a signal handler context. That is, it must be able to be interrupted at any point to run linearly out of sequence without causing an inconsistent state. It must also function properly when global data might itself be in an inconsistent state. Some asynchronous-safe operations are listed here:

  • call Call the signal() function to reinstall a signal handler.
  • unconditionally Unconditionally modify a volatile sig_atomic_t variable (as modification to this type is atomic).
  • call Call the _Exit() function to immediately terminate program execution.
  • invoke Invoke an asynchronous-safe function, as specified by your the implementation.

Few functions are portably asynchronous-safe. If a function performs any other operations, it is probably not portably asynchronous-safe.

Anchor
availability
availability

availability [IEEE Std 610.12 1990]
The degree to which a system or component is operational and accessible when required for use. Often expressed as a probability.

Anchor
conforming programconforming program
conforming [ISO/IEC 9899:2011]
Conforming programs may depend on nonportable features of a conforming implementation. Anchordata flow analysisdata flow analysisdata flow analysis
Tracking of value constraints along nonexcluded paths through the code.

NOTE 1 Tracking can be performed intraprocedurally, with various assumptions made about what happens at function call boundaries, or interprocedurally, where values are tracked flowing into function calls (directly or indirectly) as arguments and flowing back out either as return values or indirectly through arguments.

NOTE 2 Data flow analysis may or may not track values flowing into or out of the heap or take into account global variables. When this specification refers to values flowing, the key point is contrast with variables or expressions, because a given variable or expression may hold different values along different paths, and a given value may be held by multiple variables or expressions along a path.

...

condition predicate
condition predicate

condition predicate
An expression constructed from the variables of a function that must be true for a thread to be allowed to continue execution.

Anchor
conforming program
conforming program

conforming [ISO/IEC 9899:2011]
Conforming programs may depend on nonportable features of a conforming implementation.

Anchor
critical sections
critical sections

critical sections

Code that accesses shared data and would otherwise be protected from data races.

Anchor
dangling pointer
dangling pointer

dangling pointer

A pointer to deallocated memory.

Anchor
data flow analysis
data flow analysis

data flow analysis

Tracking of value constraints along nonexcluded paths through the code.

NOTE
Tracking can be performed intraprocedurally, with various assumptions made about what happens at function call boundaries, or interprocedurally, where values are tracked flowing into function calls (directly or indirectly) as arguments and flowing back out either as return values or indirectly through arguments.
Data flow analysis may or may not track values flowing into or out of the heap or take into account global variables. When this specification refers to values flowing, the key point is contrast with variables or expressions because a given variable or expression may hold different values along different paths and a given value may be held by multiple variables or expressions along a path.

Anchor
data race
data race

data race [ISO/IEC 9899:2011]
The execution of a program contains a data race if it contains two conflicting actions in different threads, at least one of which is not atomic, and neither happens before the other. Any such data race results in undefined behavior.

Anchor
denial-of-service
denial-of-service
Anchor
dos
dos

denial-of-service attack
Also DoS attack. An attempt to make a computer resource unavailable to its intended users.

Anchor
diagnostic message
diagnostic message

diagnostic message
 [ISO/IEC 9899:2011]
A message belonging to an implementation-defined subset of the implementation’s message output. A diagnostic message may indicate a constraint violation or a valid but questionable language construct. Messages typically include the file name and line number pointing to the offending code construct. In addition, implementations often indicate the severity of the problem. Although the C Standard does not specify any such requirement, the most severe problems often cause implementations to fail to fully translate a translation unit. Diagnostics output in such cases are termed errors. Other problems may cause implementations simply to issue a warning message and continue translating the rest of the program. See error message and warning message.

Anchor
double-free vulnerability
double-free vulnerability

double-free vulnerability
An exploitable error resulting from the same allocated object being freed more than once.

Anchor
error
error
Anchor
error message
error message

error message

A diagnostic message generated when source code is encountered that prevents an implementation from translating a translation unit. See diagnostic message and warning message.

Anchor
error tolerance
error tolerance

error

...

diagnostic message [ISO/IEC 9899:2011]
According to the C11 standard, a diagnostic message is a message belonging to an implementation-defined subset of the implementation’s message output. A diagnostic message may indicate a constraint violation, or a valid but questionable language construct. Messages typically include the file name and line number pointing to the offending code construct. In addition, implementations also often indicate the severity of the problem. While the C standard doesn't specify any such requirement, the most severe problems often cause implementations to fail to successfully translate a translation unit. Diagnostics output in such cases are termed errors. Other problems may cause implementations to simply issue a warning message and continue translating the rest of the program.

...

error
A diagnostic message generated when source code is encountered that prevents an implementation from translating a translation unit.

...

fail safe [IEEE Std 610.12 1990]
Pertaining to a system or component that automatically places itself in a safe operating mode in the event of a failure—for example, a traffic light that reverts to blinking red in all directions when normal operation fails.

...

fatal diagnostic
A diagnostic message which causes an implementation not to perform the translation.

Anchorfault tolerancefault tolerancefault tolerance [IEEE Std 610.12 1990]
The ability of a system or component to continue normal operation despite the presence of hardware or software faultserroneous inputs.

Anchor
freestanding environmentexploitfreestanding environment
exploit
freestanding environment
exploit [ISO/IEC 9899TS 17961:2011]
An environment in which C program execution may take place without any benefit of an operating system. Program startup might occur at some function other than main(), complex types might not be implemented, and only certain minimal library facilities are guaranteed to be available. Anchorfunction-like macrofunction-like macro function-like macro [ISO/IEC 9899:2011]
A #define preprocessing directive that defines an identifier immediately followed by zero or more parameters, the ellipsis (...), or a combination of the two, enclosed in parentheses, similar syntactically to a function call. Subsequent instances of the macro name followed by a parenthesized list of arguments in a translation unit are replaced by the replacement list of preprocessing tokens that constitute the remainder of the directive. See 2013]
Technique that takes advantage of a security vulnerability to violate an explicit or implicit security policy.

Anchor
fail safe
fail safe

fail safe
[IEEE Std 610.12 1990]
Pertaining to a system or component that automatically places itself in a safe operating mode in the event of a failure—for example, a traffic light that reverts to blinking red in all directions when normal operation fails.

Anchor
fail soft
fail soft

fail soft [IEEE Std 610.12 1990]
Pertaining to a system or component that continues to provide partial operational capability in the event of certain failures—for example, a traffic light that continues to alternate between red and green if the yellow light fails.

Anchor
fatal diagnostic
fatal diagnostic

fatal diagnostic

A diagnostic message that causes an implementation not to perform the translation.

Anchor
fault tolerance
fault tolerance

fault tolerance [IEEE Std 610.12 1990]
The ability of a system or component to continue normal operation despite the presence of hardware or software faults.

Anchor
freestanding environment
freestanding environment

freestanding environment also object-like macro and unsafe function-like macro. Anchorhosted environmenthosted environment hosted environment [ISO/IEC 9899:2011]
An environment that is not freestanding. Program startup occurs at main(), complex types are implemented, and all C Standard library facilities are available. Anchorimplementationimplementation implementation [ISO/IEC 9899:2011]
An environment in which C program execution may take place without any benefit of an operating system. Program startup might occur at some function other than main(), complex types might not be implemented, and only certain minimal library facilities are guaranteed to be available.

Anchor
function-like macro
function-like macro

function-like macro Particular set of software, running in a particular translation environment under particular control options, that performs translation of programs for, and supports execution of functions in, a particular execution environment. Anchorimplementation-defined behaviorimplementation-defined behavior implementation-defined behavior [ISO/IEC 9899:2011]
Unspecified behavior whereby each implementation documents how the choice is made. Anchorin-band error indicatorin-band error indicatorin-band error indicator
A library function return value on error that can never be returned by a successful call to that library function.A #define preprocessing directive that defines an identifier immediately followed by zero or more parameters, the ellipsis (...), or a combination of the two, enclosed in parentheses, similar syntactically to a function call. Subsequent instances of the macro name followed by a parenthesized list of arguments in a translation unit are replaced by the replacement list of preprocessing tokens that constitute the remainder of the directive. See object-like macro and unsafe function-like macro.

Anchor
hosted environment
hosted environment

hosted environment Anchorincomplete typeincomplete type incomplete type [ISO/IEC 9899:2011]
A type that describes an identifier but lacks information needed to determine the size of the identifierAn environment that is not freestanding. Program startup occurs at main(), complex types are implemented, and all C standard library facilities are available.

Anchor
indeterminate valueimplementationindeterminate value
implementation
indeterminate value
implementation [ISO/IEC 9899:2011]
Either an unspecified value or a trap representation. AnchorParticular set of software, running in a particular translation environment under particular control options, that performs translation of programs for, and supports execution of functions in, a particular execution environment.

Anchor
implementation-defined behavior
implementation-defined behavior

implementation-defined behavior [ISO/IEC 9899:2011]
Unspecified behavior whereby each implementation documents how the choice is made.

Anchor
in-band error indicator
in-band error indicator

in-band error indicator[ISO/IEC TS 17961:2013]
A library function return value on error that can never be returned by a successful call to that library function.

Anchor
incomplete type
incomplete type

incomplete type invalid pointerinvalid pointer invalid pointer
A pointer that is not a valid pointer. Anchorlivenessliveness liveness
Every operation or method invocation executes to completion without interruptions, even if it goes against safety. Anchorlocale-specific behaviorlocale-specific behavior locale-specific behavior [ISO/IEC 9899:2011]
Behavior that depends on local conventions of nationality, culture, and language that each implementation documents. Anchorlvaluelvalue lvalue [ISO/IEC 9899:2011]
An expression with an object type or an incomplete type other than void. The name lvalue comes originally from the assignment expression E1 = E2, in which the left operand E1 is required to be a (modifiable) lvalue. It is perhaps better considered as representing an object "locator value." Anchormitigationmitigation mitigation [Seacord 2005a]
Methods, techniques, processes, tools, or runtime libraries that can prevent or limit exploits against vulnerabilities. Anchormutilated valuemutilated valuemutilated value
 Result of an operation performed on an untainted value that yields either an undefined result (such as the result of signed integer overflow), the result of right-shifting a negative number, implicit conversion to an integral type where the value cannot be represented in the destination type, or unsigned integer wrapping.

EXAMPLE
int j = INT_MAX + 1; // j is mutilated
char c = 1234; // c is mutilated if char is eight bits
unsigned int u = 0U - 1; // u is mutilated

...

A type that describes an identifier but lacks information needed to determine the size of the identifier.

Anchor
indeterminate value
indeterminate value

indeterminate value [ISO/IEC 9899:2011]
Either an unspecified value or a trap representation.

Anchor
invalid pointer
invalid pointer

invalid pointer
A pointer that is not a valid pointer.

Anchor
liveness
liveness

liveness
Every operation or method invocation executes to completion without interruptions, even if it goes against safety.

Anchor
locale-specific behavior
locale-specific behavior

locale-specific behavior [ISO/IEC 9899:2011]
Behavior that depends on local conventions of nationality, culture, and language that each implementation documents.

Anchor
lvalue
lvalue

lvalue [ISO/IEC 9899:2011]
An expression with an object type or an incomplete type other than void. The name lvalue comes originally from the assignment expression E1 = E2, in which the left operand E1 is required to be a (modifiable) lvalue. It is perhaps better considered as representing an object "locator value."

Anchor
mitigation
mitigation

mitigation [Seacord 2005a]
Methods, techniques, processes, tools, or runtime libraries that can prevent or limit exploits against vulnerabilities.

Anchor
nonpersistent signal handler
nonpersistent signal handler

nonpersistent signal handler
Signal handler running on an implementation that requires the program to again register the signal handler after occurrences of the signal to catch subsequent occurrences of that signal.

Anchor
normal termination
normal termination

normal termination[Open Group 2008program termination [IEEE Std 1003.1-2013]
Normal termination occurs by a return from main(), when requested with the exit(), _exit(), or _Exit() functions, or when the last thread in the process terminates by returning from its start function , by calling the pthread_exit() function, or through cancellation. See also abnormal termination.

Anchor
object-like macro
object-like macro

object-like macro [ISO/IEC 9899:2011]
A #define preprocessing directive that defines an identifier with no parentheses. Subsequent instances of the macro name in a translation unit are replaced by the replacement list of preprocessing tokens that constitute the remainder of the directive. See also function-like macromacro.

Anchor
out-of-band error indicator
out-of-band error indicator

out-of-band error indicator [ISO/IEC TS 17961:2013]
A library function return value used to indicate nothing but the error status.

Anchor
out-of-band error indicatordomain value
out-of-band error indicatordomain value

out-of-band error indicator
A library function return value used to indicate nothing but the error status. Anchorout-of-domain valueout-of-domain valueout-of-domain value
One of a set of values that is not in the domain of a particular operator or function. Anchordomain value [ISO/IEC TS 17961:2013]
One of a set of values that is not in the domain of a particular operator or function.

Anchor
reentrant
reentrant

reentrant [ISO/IEC/IEEE 24765:2010 ]
Pertaining to a software module that can be entered as part of one process while also in execution as part of another process and still achieve the desired results.

Anchor
reliability
reliability

reliability [IEEE Std 610.12 1990]
The ability of a system or component to perform its required functions under stated conditions for a specified period of time.

Anchor
restricted sink
restricted sink

restricted sink [ISO/IEC 9899:2011]
Operands and arguments whose domain is a subset of the domain described by their types.

Anchor
robustness
robustness

robustness reentrantreentrant reentrant [Dowd 2006]
A function is reentrant if multiple instances of the same function can run in the same address space concurrently without creating the potential for inconsistent states. Anchorreliabilityreliability reliability [IEEE Std 610.12 1990]
The ability of degree to which a system or component to perform its required functions under stated conditions for a specified period of timecan function correctly in the presence of invalid inputs or stressful environmental conditions.

Anchor
restricted sinkrvaluerestricted sink
restricted sink
Operands and arguments whose domain is a subset of the domain described by their types.

NOTE 1 Undefined or unexpected behavior may occur if a tainted value is supplied as a value to a restricted sink.
NOTE 2 A diagnostic is required if a tainted value is supplied to a restricted sink.
NOTE 3 Different restricted sinks may impose different validity constraints for the same value; a given value can be tainted with respect to one restricted sink but sanitized (and consequently no longer tainted) with respect to a different restricted sink.
NOTE 4 Specific restricted sinks and requirements for sanitizing tainted values are described in specific rules dealing with taint analysis (see ISO/IEC TS 17961 (Draft): 5.8, 5.14, 5.24, 5.30, 5.39, and 5.46).

rvalue

rvalue [ISO/IEC 9899:2011]
Value of an expression.

Anchor
sanitize
sanitize

sanitize [ISO/IEC TS 17961:2013]
Assure by testing or replacement that a tainted or other value conforms to the constraints imposed by one or more restricted sinks into which it may flow.

NOTE
If the value does not conform, either the path is diverted to avoid using the value or a different, known-conforming value is substituted—for example, adding a null character to the end of a buffer before passing it as an argument to the strlen function.

Anchor
security flaw
security flaw

security flaw [ISO/IEC TS 17961:2013]
Defect that poses a potential security risk.

Anchor
security policy
security policy

security policy [Internet Society 2000]
Set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.

Anchor
sequence point
sequence point

sequence point Anchorrobustnessrobustness robustness [IEEE Std 610.12 1990]
The degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions. Anchorrvaluervalue rvalue [ISO/IEC 9899:2011]
Value of an expression. Anchorsanitizesanitizesanitize
Assure by testing or replacement that a tainted or other value conforms to the constraints imposed by one or more restricted sinks into which it may flow.

NOTE If the value does not conform, either the path is diverted to avoid using the value or a different, known-conforming value is substituted.
EXAMPLE Adding a null character to the end of a buffer before passing it as an argument to the strlen function.

Evaluation of an expression may produce side effects. At specific points in the execution sequence called sequence points, all side effects of previous evaluations have completed, and no side effects of subsequent evaluations have yet taken place.

Anchor
side effect
side effect
Anchor
side effects
side effects

side effect [ISO/IEC 9899:2011]
Changes in the state of the execution environment achieved by accessing a volatile object, modifying an object, modifying a file, or calling a function that does any of those operations.

NOTE
The IEC 60559 standard for binary floating-point arithmetic requires certain user-accessible status flags and control modes. Floating-point operations implicitly set the status flags; modes affect result values of floating-point operations. Implementations that support such a floating-point state are required to regard changes to it as side effects. These are detailed in Annex F of the C Standard.

Anchor
static analysis
static analysis

static analysis [ISO/IEC TS 17961:2013]
Any process for assessing code without executing it.

Anchor
strictly conforming
strictly conforming

strictly conforming Anchorsecurity flawsecurity flaw security flaw [Seacord 2005a]
Defect that poses a potential security risk. Anchorsecurity policysecurity policy security policy [Internet Society 2000]
Set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources. Anchorsequence pointsequence point sequence point [ISO/IEC 9899:2011]
Evaluation of an expression may produce side effects. At specific points in the execution sequence called sequence points, all side effects of previous evaluations have completed, and no side effects of subsequent evaluations have yet taken place. Anchorside effectside effect Anchorside effectsside effects side effect [ISO/IEC 9899:2011]
Changes in the state of the execution environment achieved by accessing a volatile object, modifying an object, modifying a file, or calling a function that does any of those operations.

NOTE The IEC 60559 standard for binary floating-point arithmetic requires certain user-accessible status flags and control modes. Floating-point operations implicitly set the status flags; modes affect result values of floating-point operations. Implementations that support such floating-point state are required to regard changes to it as side effects. These are detailed in Annex F of the C Standard.

...

A strictly conforming program is one that uses only those features of the language and library specified in the international standard. Strictly conforming programs are intended to be maximally portable among conforming implementations and cannot, for example, depend on implementation-defined behavior.

Anchor
string
string

string
[ISO/IEC 9899:2011]
A contiguous sequence of characters terminated by and including the first null character.

Anchor
tainted source
tainted source

tainted source [ISO/IEC TS 17961:2013]
External source of untrusted data.

NOTE
Tainted sources include

    • parameters to the main() function
    • the returned values from localeconv(), fgetc(), getc, getchar(), fgetwc(), getwc(), and getwchar()
    • the strings produced by getenv(), fscanf(), vfscanf(), vscanf(), fgets(), fread(), fwscanf(), vfwscanf(), vwscanf(), wscanf(), and fgetws()

Anchor
tainted value
tainted value

tainted value [ISO/IEC TS 17961:2013]
Value derived from a tainted source that has not been sanitized.

Anchor
target implementation
target implementation

target implementation [ISO/IEC TS 17961:2013]
Implementation of the C programming language whose environmental limits and implementation-defined behavior are assumed by the analyzer during the analysis of a program.

Anchor
TOCTOU
TOCTOU

TOCTOU, TOCTTOU

Time-of-check, time-of-use (TOCTOU), also referred to as time-of-check-to-time-of-use (TOCTTOU), represents a vulnerability in which access control checks are nonatomic with the operations they protect, allowing an attacker to violate access control rules

...

NOTE Tainted sources include

    • parameters to the main function,
    • the returned values from localeconv, fgetc, getc, getchar, fgetwc, getwc, and getwchar, and
    • the strings produced by getenv, fscanf, vfscanf, vscanf, fgets, fread, fwscanf, vfwscanf, vwscanf, wscanf, and fgetws.

Anchortainted valuetainted valuetainted value
Value derived from a tainted source that has not been sanitized. Anchortarget implementationtarget implementationtarget implementation
Implementation of the C programming language whose environmental limits and implementation-defined behavior are assumed by the analyzer during the analysis of a program.

Anchor
trap representation
trap representation

trap representation [ISO/IEC 9899:2011]
Object representation that does not represent a value of the object type. Attempting to read the value of an object that has a trap representation other than by an expression that has a character type is undefined. Producing such a representation by a side effect that modifies all or any part of the object other than by an expression that has a character type is undefined.

Anchor
undefined behavior
undefined behavior

undefined behavior (UB) [ISO/IEC 9899:2011]
Behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for which the standard C Standard imposes no requirements. An example of undefined behavior is the behavior on integer overflow.

...

Anchor
untrusted data
untrusted data

untrusted data [ISO/IEC 989911889-1:20112009]
Data originating from outside of a trust boundary [ISO/IEC 11889-1:2009].

Anchor
valid pointer
valid pointer

valid pointer [ISO/IEC 9899TS 17961:20112013]
Pointer that refers to an element within an array or one past the last element of an array. See invalid pointer.

NOTE 1
For the purposes of this definition, a pointer to an object that is not an element of an array behaves the same as a pointer to the first element of an array of length one with the type of the object as its element type. (See C Standard, subclause 6.5.8, paragraph 4.)
NOTE 2 For the purposes of this definition, an object can be considered to be an array of a certain number of bytes; that number is the size of the object , as produced by the sizeof operator. (See C Standard, subclause 6.3.2.3, paragraph 7.)

Anchor
validation
validation

validation [IEC 61508-4]
Confirmation by examination and provision of objective evidence that the particular requirements for a specific intended use are fulfilled.

...

Anchor
vulnerability
vulnerability

vulnerability [Seacord 2005aISO/IEC TS 17961:2013]
Set of conditions that allows an attacker to violate an explicit or implicit security policy.

 

Anchor
warning
warning
Anchor
warning message
warning message

warning message

A diagnostic message generated when source code is encountered that does not prevent an implementation from translating a translation unit. See diagnostic message and error message.


...

Image Modified