Comment: Updated references from C11->C23

When two pointers are subtracted, both must point to elements of the same array object or just one past the last element of the array object (C Standard, 6.5.7 [ISO/IEC 9899:2024]); the result is the difference of the subscripts of the two array elements. Otherwise, the operation is undefined behavior. (See undefined behavior 48.)
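The following is an added example, not code from the CERT page: one way to check at run time that both operands belong to the same array before taking their difference. The helper names `subscript_of`, `checked_ptrdiff` and `free_slots` are hypothetical, and the result is built from the subscripts so the two input pointers are never subtracted directly.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Find p in base[0..n], where index n is one past the last element.
 * Only == is used, which is defined even for pointers into different
 * objects; the scan is O(n), so it suits small arrays and debug builds. */
static bool subscript_of(const int *base, size_t n, const int *p, size_t *idx) {
    for (size_t i = 0; i <= n; i++) {
        if (base + i == p) {
            *idx = i;
            return true;
        }
    }
    return false;
}

/* Checked a - b: succeeds only when both pointers address elements of
 * base[0..n-1] or one past the last element (hypothetical helper). */
bool checked_ptrdiff(const int *base, size_t n,
                     const int *a, const int *b, ptrdiff_t *out) {
    size_t ia, ib;
    if (!subscript_of(base, n, a, &ia) || !subscript_of(base, n, b, &ib)) {
        return false; /* a - b would be undefined behavior */
    }
    *out = (ptrdiff_t)ia - (ptrdiff_t)ib; /* difference of the subscripts */
    return true;
}

/* Free slots left in buf while it is filled through next.
 * Fails closed: an unrelated pointer reports no free space. */
size_t free_slots(const int *buf, size_t n, const int *next) {
    ptrdiff_t used;
    if (!checked_ptrdiff(buf, n, next, buf, &used)) {
        return 0;
    }
    return n - (size_t)used;
}

int main(void) {
    int nums[32];  /* constructed sample data; only addresses are used */
    int other[4];  /* a different array object */
    ptrdiff_t d;
    printf("free slots: %zu\n", free_slots(nums, 32, nums + 5));
    printf("unrelated pointer rejected: %d\n",
           !checked_ptrdiff(nums, 32, other + 1, nums, &d));
    return 0;
}
```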

...

Pointer arithmetic shall only be applied to pointers that address an array or array element

Subtraction or comparison between pointers to different arrays

MISRA 2012 Rule 18.2

Subtraction causes undefined behavior

Subtraction between pointers shall only be applied to pointers that address elements of the same array

V736, V782

| Tool | Checker | Description |
| --- | --- | --- |
| Astrée | pointer-subtraction | Partially checked |
| Axivion Bauhaus Suite | CertC-ARR36 | Can detect operations on pointers that are unrelated |
| CodeSonar | LANG.STRUCT.CUP, LANG.STRUCT.SUP | Comparison of Unrelated Pointers; Subtraction of Unrelated Pointers |
| Coverity | MISRA C 2004 17.2, MISRA C 2004 17.3, MISRA C 2012 18.2, MISRA C 2012 18.3 | Implemented |
| Cppcheck | comparePointers | Fully implemented |
| Cppcheck Premium | comparePointers | Fully implemented |
| Helix QAC | C0487, C0513, DF2668, DF2669, DF2761, DF2762, DF2763, DF2766, DF2767, DF2768, DF2771, DF2772, DF2773 | |
| Klocwork | MISRA.PTR.ARITH | |
| LDRA tool suite | 437 S, 438 S | Fully implemented |
| Parasoft C/C++test | CERT_C-ARR36-a, CERT_C-ARR36-b | Do not subtract two pointers that do not address elements of the same array; Do not compare two unrelated pointers |
| Polyspace Bug Finder | CERT C: Rule ARR36-C | Checks for subtraction or comparison between pointers to different arrays (rule partially covered) |
| PRQA QA-C | 0487, 0513, 2771, 2772, 2773, 2761, 2762, 2763, 2766, 2767, 2768 | Fully implemented |
| PVS-Studio | V736, V782 | |
| RuleChecker | pointer-subtraction | Partially checked |
| TrustInSoft Analyzer | differing_blocks | Exhaustively verified (see the compliant and the non-compliant example). |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

ARR36-C = Union(CWE-469, list) where list =

  • Pointer comparisons that are not subtractions using the relational operators <, <=, >=, and >, where the pointers do not refer to the same array

...


...