You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 28 Next »

This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

The table below can be re-ordered, by clicking column headers.

Tool Version: 2023.1

Checker

Guideline

BD-API-VALPARAM FLP32-C. Prevent or detect domain and range errors in math functions
BD-BP-NOTINIT EXP33-C. Do not read uninitialized memory
BD-PB-ARRAY FLP37-C. Do not use object representations to compare floating-point values
BD-PB-ARRAY ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
BD-PB-ARRAY STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
BD-PB-ARRAY FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful
BD-PB-ARRAY EXP08-C. Ensure pointer arithmetic is used correctly
BD-PB-ARRAY INT10-C. Do not assume a positive remainder when using the % operator
BD-PB-ARRAY MSC19-C. For functions that return an array, prefer returning an empty array over a null value
BD-PB-BYTEORD POS39-C. Use the correct byte ordering when transferring data between systems
BD-PB-CC EXP45-C. Do not perform assignments in selection statements
BD-PB-CC EXP16-C. Do not compare function pointers to constant values
BD-PB-CHECKRETGEN ERR33-C. Detect and handle standard library errors
BD-PB-ERRNO ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure
BD-PB-ERRNO ERR32-C. Do not rely on indeterminate values of errno
BD-PB-INTOVERF INT30-C. Ensure that unsigned integer operations do not wrap
BD-PB-INTOVERF INT32-C. Ensure that operations on signed integers do not result in overflow
BD-PB-INVENV ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
BD-PB-INVRET ENV34-C. Do not store pointers returned by certain functions
BD-PB-NP EXP34-C. Do not dereference null pointers
BD-PB-NP ERR33-C. Detect and handle standard library errors
BD-PB-NP POS54-C. Detect and handle POSIX library errors
BD-PB-NP MSC19-C. For functions that return an array, prefer returning an empty array over a null value
BD-PB-OVERFARRAY EXP39-C. Do not access a variable through a pointer of an incompatible type
BD-PB-OVERFFMT ARR38-C. Guarantee that library functions do not form invalid pointers
BD-PB-OVERFNZT ARR38-C. Guarantee that library functions do not form invalid pointers
BD-PB-OVERFNZT STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
BD-PB-OVERFNZT POS30-C. Use the readlink() function properly
BD-PB-OVERFRD ARR38-C. Guarantee that library functions do not form invalid pointers
BD-PB-OVERFWR ARR38-C. Guarantee that library functions do not form invalid pointers
BD-PB-OVERFWR STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
BD-PB-OVERFWR API01-C. Avoid laying out strings in memory directly before sensitive data
BD-PB-OVERFWR ENV01-C. Do not make assumptions about the size of an environment variable
BD-PB-OVERNZT STR03-C. Do not inadvertently truncate a string
BD-PB-PUTENV POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
BD-PB-SWITCH MSC07-C. Detect and remove dead code
BD-PB-SWITCH MSC12-C. Detect and remove code that has no effect or is never executed
BD-PB-VARARG MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value
BD-PB-ZERO INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
BD-PB-ZERO FLP03-C. Detect and handle floating-point errors
BD-RES-FREE MEM30-C. Do not access freed memory
BD-RES-FREE FIO46-C. Do not access a closed file
BD-RES-FREE CON31-C. Do not destroy a mutex while it is locked
BD-RES-FREE MEM01-C. Store a new value in pointers immediately after free()
BD-RES-INVFREE MEM34-C. Only free memory allocated dynamically
BD-RES-INVFREE CON31-C. Do not destroy a mutex while it is locked
BD-RES-LEAK MEM31-C. Free dynamically allocated memory when no longer needed
BD-RES-LEAK MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
BD-RES-LEAKS FIO42-C. Close files when they are no longer needed
BD-RES-LEAKS CON30-C. Clean up thread-specific storage
BD-RES-LEAKS WIN30-C. Properly pair allocation and deallocation functions
BD-SECURITY-BUFWRITE STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
BD-SECURITY-INTOVERF INT04-C. Enforce limits on integer values originating from tainted sources
BD-SECURITY-OVERFMT EXP39-C. Do not access a variable through a pointer of an incompatible type
BD-SECURITY-OVERFRD EXP39-C. Do not access a variable through a pointer of an incompatible type
BD-SECURITY-OVERFRD INT04-C. Enforce limits on integer values originating from tainted sources
BD-SECURITY-OVERFWR EXP39-C. Do not access a variable through a pointer of an incompatible type
BD-SECURITY-OVERFWR STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
BD-SECURITY-OVERFWR INT04-C. Enforce limits on integer values originating from tainted sources
BD-SECURITY-RAND MSC32-C. Properly seed pseudorandom number generators
BD-SECURITY-TDCMD STR02-C. Sanitize data passed to complex subsystems
BD-SECURITY-TDFNAMES STR02-C. Sanitize data passed to complex subsystems
BD-SECURITY-TDSQL STR02-C. Sanitize data passed to complex subsystems
BD-TRS-ARG CON34-C. Declare objects shared between threads with appropriate storage durations
BD-TRS-ARG POS50-C. Declare objects shared between POSIX threads with appropriate storage durations
BD-TRS-BITLOCK CON32-C. Prevent data races when accessing bit-fields from multiple threads
BD-TRS-BITLOCK POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
BD-TRS-DLOCK CON35-C. Avoid deadlock by locking in a predefined order
BD-TRS-DSTRLOCK CON31-C. Do not destroy a mutex while it is locked
BD-TRS-DSTRLOCK POS48-C. Do not unlock or destroy another POSIX thread's mutex
BD-TRS-FORKFILE POS38-C. Beware of race conditions when using fork and file descriptors
BD-TRS-LOCK CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
BD-TRS-ORDER POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
BD-TRS-REVLOCK POS48-C. Do not unlock or destroy another POSIX thread's mutex
BD-TRS-SYMLINK POS35-C. Avoid race conditions while checking for the existence of a symbolic link
BD-TRS-TSHL POS52-C. Do not perform operations that can block while holding a POSIX lock
BD-TRS-TSHL CON05-C. Do not perform operations that can block while holding a lock
CERT-EXP-19 EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement
CODSTA-11 MSC11-C. Incorporate diagnostic tests using assertions
CODSTA-16 STR11-C. Do not specify the bound of a character array initialized with a string literal
CODSTA-26 DCL06-C. Use meaningful symbolic constants to represent literal values
CODSTA-60 EXP20-C. Perform explicit tests to determine success, true and false, and equality
CODSTA-63 INT13-C. Use bitwise operators only on unsigned operands
CODSTA-63 INT16-C. Do not make assumptions about representation of signed integers
CODSTA-65 INT36-C. Converting a pointer to integer or integer to pointer
CODSTA-69 STR09-C. Don't assume numeric values for expressions with type plain character
CODSTA-75 INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression
CODSTA-86 API00-C. Functions should validate their parameters
CODSTA-97 EXP00-C. Use parentheses for precedence of operation
CODSTA-117 DCL18-C. Do not begin integer constants with 0 when specifying a decimal value
CODSTA-118 DCL40-C. Do not create incompatible declarations of the same function or object
CODSTA-121 EXP43-C. Avoid undefined behavior when using restrict-qualified pointers
CODSTA-122_a ERR33-C. Detect and handle standard library errors
CODSTA-122_a POS54-C. Detect and handle POSIX library errors
CODSTA-122_a EXP12-C. Do not ignore values returned by functions
CODSTA-122_b ERR33-C. Detect and handle standard library errors
CODSTA-122_b POS54-C. Detect and handle POSIX library errors
CODSTA-122_b EXP12-C. Do not ignore values returned by functions
CODSTA-123 PRE31-C. Avoid side effects in arguments to unsafe macros
CODSTA-123 FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
CODSTA-127_b INT36-C. Converting a pointer to integer or integer to pointer
CODSTA-144 POS30-C. Use the readlink() function properly
CODSTA-145 POS30-C. Use the readlink() function properly
CODSTA-150 PRE31-C. Avoid side effects in arguments to unsafe macros
CODSTA-150_b PRE31-C. Avoid side effects in arguments to unsafe macros
CODSTA-150_c PRE31-C. Avoid side effects in arguments to unsafe macros
CODSTA-156_a INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-156_b INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-157 INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-158 EXP37-C. Call functions with the correct number and type of arguments
CODSTA-159 EXP37-C. Call functions with the correct number and type of arguments
CODSTA-161_a INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-161_b INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-161_c INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-161_d INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-161_e INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-161_f INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-161_g INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-163_a INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-163_b INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-164_a INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-164_b INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CODSTA-185_a ENV30-C. Do not modify the object referenced by the return value of certain functions
CODSTA-187_a STR34-C. Cast characters to unsigned char before converting to larger integer sizes
CODSTA-187_b STR34-C. Cast characters to unsigned char before converting to larger integer sizes
CODSTA-187_c STR34-C. Cast characters to unsigned char before converting to larger integer sizes
CODSTA-188 STR38-C. Do not confuse narrow and wide character strings and functions
CODSTA-190 FLP37-C. Do not use object representations to compare floating-point values
CODSTA-CPP-53 DCL00-C. Const-qualify immutable objects
COMMENT-11 MSC04-C. Use comments consistently and in a readable fashion
COMMENT-12 MSC04-C. Use comments consistently and in a readable fashion
COMMENT-13 MSC04-C. Use comments consistently and in a readable fashion
Detect at runtime MEM34-C. Only free memory allocated dynamically
Detects accessing freed memory at runtime MEM30-C. Do not access freed memory
Detects dangling pointers at runtime MEM01-C. Store a new value in pointers immediately after free()
Detects leaks at runtime MEM31-C. Free dynamically allocated memory when no longer needed
FORMAT-33 DCL04-C. Do not declare more than one variable per declaration
fully implemented at runtime ERR33-C. Detect and handle standard library errors
GLOBAL-CONDMUTEXVAR POS53-C. Do not use more than one mutex for concurrent waiting operations on a condition variable
MISRA2004-2_3 MSC04-C. Use comments consistently and in a readable fashion
MISRA2004-4_2-3 PRE07-C. Avoid using repeated question marks
MISRA2004-5_2_a DCL01-C. Do not reuse variable names in subscopes
MISRA2004-5_2_b DCL01-C. Do not reuse variable names in subscopes
MISRA2004-6_1 INT07-C. Use only explicitly signed or unsigned char type for numeric values
MISRA2004-6_1 STR00-C. Represent characters using an appropriate type
MISRA2004-6_1 STR04-C. Use plain char for characters in the basic character set
MISRA2004-6_2 INT07-C. Use only explicitly signed or unsigned char type for numeric values
MISRA2004-7_1_a DCL18-C. Do not begin integer constants with 0 when specifying a decimal value
MISRA2004-8_4 DCL40-C. Do not create incompatible declarations of the same function or object
MISRA2004-9_3 INT09-C. Ensure enumeration constants map to unique values
MISRA2004-10_1_b EXP39-C. Do not access a variable through a pointer of an incompatible type
MISRA2004-10_1_b STR34-C. Cast characters to unsigned char before converting to larger integer sizes
MISRA2004-10_1_d FLP34-C. Ensure that floating-point conversions are within range of the new type
MISRA2004-10_1_d FIO34-C. Distinguish between characters read from a file and EOF or WEOF
MISRA2004-10_2_1 EXP39-C. Do not access a variable through a pointer of an incompatible type
MISRA2004-10_2_a STR34-C. Cast characters to unsigned char before converting to larger integer sizes
MISRA2004-10_2_b FLP03-C. Detect and handle floating-point errors
MISRA2004-10_2_c FLP03-C. Detect and handle floating-point errors
MISRA2004-10_2_d FLP03-C. Detect and handle floating-point errors
MISRA2004-11_4 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA2004-11_4 EXP39-C. Do not access a variable through a pointer of an incompatible type
MISRA2004-11_4 STR34-C. Cast characters to unsigned char before converting to larger integer sizes
MISRA2004-11_5 EXP32-C. Do not access a volatile object through a nonvolatile reference
MISRA2004-11_5 EXP05-C. Do not cast away a const qualification
MISRA2004-12_2_a EXP30-C. Do not depend on the order of evaluation for side effects
MISRA2004-12_2_a FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
MISRA2004-12_2_a EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place
MISRA2004-12_2_b EXP30-C. Do not depend on the order of evaluation for side effects
MISRA2004-12_2_b FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
MISRA2004-12_2_b EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place
MISRA2004-12_2_c EXP30-C. Do not depend on the order of evaluation for side effects
MISRA2004-12_2_c FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
MISRA2004-12_2_c EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place
MISRA2004-12_2_d EXP30-C. Do not depend on the order of evaluation for side effects
MISRA2004-12_2_d FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
MISRA2004-12_2_d EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place
MISRA2004-12_3_b EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
MISRA2004-12_3_c EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
MISRA2004-12_4a EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators
MISRA2004-12_6_a EXP46-C. Do not use a bitwise operator with a Boolean-like operand
MISRA2004-12_6_b EXP46-C. Do not use a bitwise operator with a Boolean-like operand
MISRA2004-13_1 EXP45-C. Do not perform assignments in selection statements
MISRA2004-13_3 FLP00-C. Understand the limitations of floating-point numbers
MISRA2004-13_3 FLP02-C. Avoid using floating-point numbers when precise computation is needed
MISRA2004-14_1_a MSC07-C. Detect and remove dead code
MISRA2004-14_1_a MSC12-C. Detect and remove code that has no effect or is never executed
MISRA2004-14_1_b MSC07-C. Detect and remove dead code
MISRA2004-14_1_b MSC12-C. Detect and remove code that has no effect or is never executed
MISRA2004-14_1_c MSC07-C. Detect and remove dead code
MISRA2004-14_1_c MSC12-C. Detect and remove code that has no effect or is never executed
MISRA2004-14_1_d MSC07-C. Detect and remove dead code
MISRA2004-14_1_d MSC12-C. Detect and remove code that has no effect or is never executed
MISRA2004-14_1_e MSC07-C. Detect and remove dead code
MISRA2004-14_1_e MSC12-C. Detect and remove code that has no effect or is never executed
MISRA2004-14_1_f MSC07-C. Detect and remove dead code
MISRA2004-14_1_f MSC12-C. Detect and remove code that has no effect or is never executed
MISRA2004-14_1_g MSC07-C. Detect and remove dead code
MISRA2004-14_1_g MSC12-C. Detect and remove code that has no effect or is never executed
MISRA2004-14_8 EXP19-C. Use braces for the body of an if, for, or while statement
MISRA2004-14_10 MSC01-C. Strive for logical completeness
MISRA2004-15_0_b DCL41-C. Do not declare variables inside a switch statement before the first case label
MISRA2004-15_2 MSC17-C. Finish every set of statements associated with a case label with a break statement
MISRA2004-15_3 MSC01-C. Strive for logical completeness
MISRA2004-16_3 EXP37-C. Call functions with the correct number and type of arguments
MISRA2004-16_6 DCL20-C. Explicitly specify void when a function accepts no arguments
MISRA2004-16_7 DCL13-C. Declare function parameters that are pointers to values not changed by the function as const
MISRA2004-16_7_b DCL05-C. Use typedefs of non-pointer types only
MISRA2004-16_8 MSC37-C. Ensure that control never reaches the end of a non-void function
MISRA2004-16_9 EXP45-C. Do not perform assignments in selection statements
MISRA2004-17_2 ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
MISRA2004-17_6_a DCL30-C. Declare objects with appropriate storage durations
MISRA2004-17_6_b DCL30-C. Declare objects with appropriate storage durations
MISRA2004-19_7 PRE00-C. Prefer inline or static functions to function-like macros
MISRA2004-19_8 MSC38-C. Do not treat a predefined identifier as an object if it might only be implemented as a macro
MISRA2004-19_9 PRE32-C. Do not use preprocessor directives in invocations of function-like macros
MISRA2004-19_10 PRE01-C. Use parentheses within macros around parameter names
MISRA2004-20_1_a DCL37-C. Do not declare or define a reserved identifier
MISRA2004-20_7 MSC22-C. Use the setjmp(), longjmp() facility securely
MISRA2004-20_8_b SIG34-C. Do not call signal() from within interruptible signal handlers
MISRA2004-20_8_b CON37-C. Do not call signal() in a multithreaded program
MISRA2004-20_8_b POS44-C. Do not use signals to terminate threads
MISRA2004-20_8_b SIG00-C. Mask signals handled by noninterruptible signal handlers
MISRA2004-20_8_b SIG01-C. Understand implementation-specific details regarding signal handler persistence
MISRA2004-20_8_b SIG02-C. Avoid using signals to implement normal functionality
MISRA2004-20_10 ERR34-C. Detect errors when converting a string to a number
MISRA2004-20_10 ERR07-C. Prefer functions that support error checking over equivalent functions that don't
MISRA2004-20_10 MSC24-C. Do not use deprecated or obsolescent functions
MISRA2004-20_11 ENV33-C. Do not call system()
MISRA2004-20_11 ERR04-C. Choose an appropriate termination strategy
MISRA2004-20_11 ERR05-C. Application-independent code should provide error detection without dictating error handling
MISRA2004-20_11 MSC24-C. Do not use deprecated or obsolescent functions
MISRA-005 MSC09-C. Character encoding: Use subset of ASCII for safety
MISRA-11_5 EXP40-C. Do not modify constant objects
MISRA-020 DCL31-C. Declare identifiers before using them
MISRA-023 DCL15-C. Declare file-scope objects or functions that do not need external linkage as static
MISRA-024 DCL36-C. Do not declare an identifier with conflicting linkage classifications
MISRA-038 INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
MISRA-043 INT02-C. Understand integer conversion rules
MISRA-043 INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISRA-043_b INT02-C. Understand integer conversion rules
MISRA-043_c FLP36-C. Preserve precision when converting integral values to floating-point type
MISRA-043_c FLP06-C. Convert integers to floating point for floating-point operations
MISRA-043_d FLP36-C. Preserve precision when converting integral values to floating-point type
MISRA-043_d FLP06-C. Convert integers to floating point for floating-point operations
MISRA-043b EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int
MISRA-043b INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISRA-046_a CON02-C. Do not use volatile as a synchronization primitive
MISRA-051 MSC14-C. Do not introduce unnecessary platform dependencies
MISRA-051 MSC15-C. Do not depend on undefined behavior
MISRA-065 FLP30-C. Do not use floating-point variables as loop counters
MISRA-071_b EXP37-C. Call functions with the correct number and type of arguments
MISRA-096 PRE02-C. Macro replacement lists should be parenthesized
MISRA-101 FLP37-C. Do not use object representations to compare floating-point values
MISRA-101 EXP08-C. Ensure pointer arithmetic is used correctly
MRM-07 EXP42-C. Do not compare padding data
MRM-09 MEM01-C. Store a new value in pointers immediately after free()
MRM-10 MEM01-C. Store a new value in pointers immediately after free()
MRM-11 MEM01-C. Store a new value in pointers immediately after free()
MRM-18 MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
MRM-19 MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
MRM-20 MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
MRM-39 ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure
MRM-45 MEM35-C. Allocate sufficient memory for an object
NAMING-44 DCL02-C. Use visually distinct identifiers
OPT-01 DCL19-C. Minimize the scope of variables and functions
OPT-06 MSC13-C. Detect and remove unused values
PB-27 STR30-C. Do not attempt to modify string literals
PB-32 ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
PB-35 EXP45-C. Do not perform assignments in selection statements
PB-38 STR10-C. Do not concatenate different type of string literals
PB-45 FIO47-C. Use valid format strings
PB-46 FIO47-C. Use valid format strings
PB-47 FIO47-C. Use valid format strings
PB-48 FIO47-C. Use valid format strings
PB-49 FIO47-C. Use valid format strings
PB-50 FIO47-C. Use valid format strings
PB-51 ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
PB-66_a INT30-C. Ensure that unsigned integer operations do not wrap
PB-66_a INT32-C. Ensure that operations on signed integers do not result in overflow
PB-66_b INT30-C. Ensure that unsigned integer operations do not wrap
PB-66_b INT32-C. Ensure that operations on signed integers do not result in overflow
PFO-02 PRE06-C. Enclose header files in an include guard
PORT-01 DCL16-C. Use "L," not "l," to indicate a long value
Runtime INT32-C. Ensure that operations on signed integers do not result in overflow
Runtime ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
Runtime DCL11-C. Understand the type issues associated with variadic functions
runtime DCL40-C. Do not create incompatible declarations of the same function or object
Runtime analysis EXP33-C. Do not read uninitialized memory
Runtime analysis EXP34-C. Do not dereference null pointers
Runtime analysis ARR38-C. Guarantee that library functions do not form invalid pointers
Runtime analysis FLP03-C. Detect and handle floating-point errors
Runtime analysis STR07-C. Use the bounds-checking interfaces for string manipulation
Runtime analysis for over- or under- read or write EXP08-C. Ensure pointer arithmetic is used correctly
Runtime analysis will detect all leaks MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
Runtime detection INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
SECURITY-01 MSC33-C. Do not pass invalid data to the asctime() function
SECURITY-02 MSC32-C. Properly seed pseudorandom number generators
SECURITY-02_b MSC30-C. Do not use the rand() function for generating pseudorandom numbers
SECURITY-02_b MSC32-C. Properly seed pseudorandom number generators
SECURITY-03 POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
SECURITY-03 ENV02-C. Beware of multiple environment variables with the same effective name
SECURITY-04 WIN00-C. Be specific when dynamically loading libraries
SECURITY-05 SECURITY-08 SECURITY-36 FIO30-C. Exclude user input from format strings
SECURITY-07 API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
SECURITY-07 ENV01-C. Do not make assumptions about the size of an environment variable
SECURITY-07 MSC24-C. Do not use deprecated or obsolescent functions
SECURITY-10 POS33-C. Do not use vfork()
SECURITY-12 STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
SECURITY-12 API01-C. Avoid laying out strings in memory directly before sensitive data
SECURITY-12 API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
SECURITY-12 ENV01-C. Do not make assumptions about the size of an environment variable
SECURITY-12 MSC24-C. Do not use deprecated or obsolescent functions
SECURITY-13 INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs
SECURITY-13 STR07-C. Use the bounds-checking interfaces for string manipulation
SECURITY-19 CON43-C. Do not allow data races in multithreaded code
SECURITY-19 POS35-C. Avoid race conditions while checking for the existence of a symbolic link
SECURITY-19 FIO01-C. Be careful using functions that use file names for identification
SECURITY-19 FIO21-C. Do not create temporary files in shared directories
SECURITY-25 CON33-C. Avoid race conditions when using library functions
SECURITY-27 FIO01-C. Be careful using functions that use file names for identification
SECURITY-28 MSC32-C. Properly seed pseudorandom number generators
SECURITY-43 POS47-C. Do not use threads that can be canceled asynchronously
SECURITY-44 POS36-C. Observe correct revocation order while relinquishing privileges
SECURITY-45 POS37-C. Ensure that privilege relinquishment is successful
SECURITY-46 DCL39-C. Avoid information leakage when passing a structure across a trust boundary
SECURITY-47 INT35-C. Use correct integer precisions
SECURITY-48 ENV33-C. Do not call system()
  • No labels