When two pointers are subtracted, both must point to elements of the same array object or just one past the last element of the array object (C Standard, 6.5.7 [ISO/IEC 9899:2024]); the result is the difference of the subscripts of the two array elements. Otherwise, the operation is undefined behavior. (See undefined behavior 45.)

Similarly, comparing pointers using the relational operators `<`, `<=`, `>=`, and `>` gives the positions of the pointers relative to each other. Subtracting or comparing pointers that do not refer to the same array is undefined behavior. (See undefined behavior 45 and undefined behavior 50.)

Comparing pointers using the equality operators `==` and `!=` has well-defined semantics regardless of whether or not either of the pointers is null, points into the same object, or points one past the last element of an array object or function.
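The following C program is an added illustration, not code from the CERT page: it performs only the pointer operations the text above calls well-defined. `elements_between` subtracts two pointers into one array (a `ptrdiff_t` result), `find_index` bounds its loop with `!=` against the one-past-the-end pointer, and `points_into` answers "does `p` point into this buffer?" using only `==` comparisons, so it stays defined even when `p` refers to an unrelated object (the relational form `buf <= p && p < buf + len` is the comparison this rule prohibits). The arrays `sample` and `unrelated` are constructed test data.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data for the example (not from the CERT page). */
static int sample[] = { 3, 1, 4, 1, 5, 9 };
static const size_t sample_len = sizeof sample / sizeof sample[0];
static int unrelated = 42;   /* a separate object, not part of sample */

/* Distance in elements between two pointers that both point into the same
 * array (or one past its end). This is the only case the Standard defines;
 * the result type is ptrdiff_t, not int. */
ptrdiff_t elements_between(const int *first, const int *last) {
    return last - first;
}

/* Index of the first element equal to value, or len if there is none.
 * Every pointer here is derived from buf, so p - buf is well-defined, and the
 * loop condition uses != (defined for any two pointers) rather than <
 * (defined only within one array). */
size_t find_index(const int *buf, size_t len, int value) {
    const int *end = buf + len;   /* one past the end: legal to form, not to read */
    const int *p = buf;
    while (p != end && *p != value) {
        ++p;
    }
    return (size_t)(p - buf);
}

/* "Does p point into buf?" written without relational operators.
 * The tempting form (buf <= p && p < buf + len) is exactly the undefined
 * behaviour this rule prohibits when p is unrelated to buf; testing == against
 * each element address is defined for any pair of pointers. */
int points_into(const int *buf, size_t len, const int *p) {
    for (size_t i = 0; i < len; i++) {
        if (&buf[i] == p) {
            return 1;
        }
    }
    return 0;
}

int main(void) {
    printf("elements between &sample[1] and &sample[4]: %td\n",
           elements_between(&sample[1], &sample[4]));
    printf("index of 4: %zu\n", find_index(sample, sample_len, 4));
    printf("index of 7 (absent): %zu\n", find_index(sample, sample_len, 7));
    printf("&sample[3] in sample: %d\n",
           points_into(sample, sample_len, &sample[3]));
    printf("&unrelated in sample: %d\n",
           points_into(sample, sample_len, &unrelated));
    return 0;
}
```

The linear scan in `points_into` is deliberately chosen over a two-comparison range check: the range check is faster but is undefined for any `p` that does not point into `buf`, which is precisely the input such a function exists to reject.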
...
Tool | Version | Checker | Description
---|---|---|---
Astrée | | pointer-subtraction | Partially checked
Axivion Bauhaus Suite | | CertC-ARR36 | Can detect operations on pointers that are unrelated
CodeSonar | | LANG.STRUCT.CUP, LANG.STRUCT.SUP | Comparison of Unrelated Pointers; Subtraction of Unrelated Pointers
Coverity | | MISRA C 2004 17.2, MISRA C 2004 17.3, MISRA C 2012 18.2, MISRA C 2012 18.3 | Implemented
Cppcheck | | comparePointers | Fully implemented
Cppcheck Premium | | comparePointers | Fully implemented
Helix QAC | | C0487, C0513, DF2668, DF2669, DF2761, DF2762, DF2763, DF2766, DF2767, DF2768, DF2771, DF2772, DF2773 |
Klocwork | | MISRA.PTR.ARITH |
LDRA tool suite | | 437 S, 438 S | Fully implemented
Parasoft C/C++test | | MISRA2004-17_2, CERT_C-ARR36-a, CERT_C-ARR36-b | Do not subtract two pointers that do not address elements of the same array
Polyspace Bug Finder | R2017b | Subtraction or comparison between pointers to different arrays | Subtraction or comparison between pointers causes undefined behavior
PRQA QA-C | | 0487, 0513, 2771, 2772 | Fully implemented
PVS-Studio | | V736, V782 |
RuleChecker | | pointer-subtraction | Partially checked
TrustInSoft Analyzer | | differing_blocks | Exhaustively verified (see the compliant and the non-compliant example).
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C | CTR54-CPP. Do not subtract iterators that do not refer to the same container | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TS 17961 | Subtracting or comparing two pointers that do not refer to the same array [ptrobj] | Prior to 2018-01-12: CERT: Unspecified Relationship |
CWE 2.11 | CWE-469, Use of Pointer Subtraction to Determine Size | 2017-07-10: CERT: Exact |
CWE 3.11 | CWE-469, Use of Pointer Subtraction to Determine Size | 2018-10-18: CERT: CWE subset of rule |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-469 and ARR36-C
CWE-469 = Subset(ARR36-C)
ARR36-C = Union(CWE-469, list) where list =
- Pointer comparisons using the relational operators `<`, `<=`, `>=`, and `>`, where the pointers do not refer to the same array
Bibliography
[Banahan 2003] | Section 5.3, "Pointers"; Section 5.7, "Expressions Involving Pointers" |
[ISO/IEC 9899:2024] | 6.5.7, "Additive Operators" |
...