You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 27 Next »

This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

The table below can be re-ordered, by clicking column headers.

Tool Version: 8.1p0

Checker

Guideline

(customization) FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
(customization) ERR34-C. Detect errors when converting a string to a number
(customization) POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
(customization) DCL03-C. Use a static assertion to test the value of a constant expression
(customization) FIO06-C. Create files with appropriate access permissions
(customization) FIO08-C. Take care when calling remove() on an open file
(customization) FIO10-C. Take care when using the rename() function
(customization) FIO13-C. Never push back anything other than one read character
(customization) FIO24-C. Do not open a file that is already open
(customization) MEM03-C. Clear sensitive information stored in reusable resources
(customization) MEM04-C. Beware of zero-length allocations
(customization) MSC24-C. Do not use deprecated or obsolescent functions
(customization) STR06-C. Do not assume that strtok() leaves the parse string unchanged
(customization) WIN01-C. Do not forcibly terminate execution
(general) FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful
(general) ENV01-C. Do not make assumptions about the size of an environment variable
(general) INT04-C. Enforce limits on integer values originating from tainted sources
(general) MEM11-C. Do not assume infinite heap space
ALLOC.DF MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
ALLOC.DF MEM01-C. Store a new value in pointers immediately after free()
ALLOC.FNH MEM34-C. Only free memory allocated dynamically
ALLOC.LEAK MEM31-C. Free dynamically allocated memory when no longer needed
ALLOC.LEAK FIO42-C. Close files when they are no longer needed
ALLOC.LEAK MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
ALLOC.LEAK MEM11-C. Do not assume infinite heap space
ALLOC.SIZE.ADDOFLOW INT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.ADDOFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.ADDOFLOW MEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.ADDOFLOW INT08-C. Verify that all integer values are in range
ALLOC.SIZE.ADDOFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.IOFLOW INT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.IOFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.IOFLOW MEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.IOFLOW INT08-C. Verify that all integer values are in range
ALLOC.SIZE.IOFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.MULOFLOW INT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.MULOFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.MULOFLOW MEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.MULOFLOW INT08-C. Verify that all integer values are in range
ALLOC.SIZE.MULOFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.MULOFLOW MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap
ALLOC.SIZE.SUBUFLOW INT30-C. Ensure that unsigned integer operations do not wrap
ALLOC.SIZE.SUBUFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
ALLOC.SIZE.SUBUFLOW MEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.SUBUFLOW INT08-C. Verify that all integer values are in range
ALLOC.SIZE.SUBUFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.TRUNC INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
ALLOC.SIZE.TRUNC MEM35-C. Allocate sufficient memory for an object
ALLOC.SIZE.TRUNC INT02-C. Understand integer conversion rules
ALLOC.SIZE.TRUNC INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.TM WIN30-C. Properly pair allocation and deallocation functions
ALLOC.TM API07-C. Enforce type safety
ALLOC.UAF MEM30-C. Do not access freed memory
ALLOC.UAF MEM01-C. Store a new value in pointers immediately after free()
BADFUNC.* MSC24-C. Do not use deprecated or obsolescent functions
BADFUNC.ATOF ERR34-C. Detect errors when converting a string to a number
BADFUNC.ATOI ERR34-C. Detect errors when converting a string to a number
BADFUNC.ATOL ERR34-C. Detect errors when converting a string to a number
BADFUNC.ATOLL ERR34-C. Detect errors when converting a string to a number
BADFUNC.BO.* ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
BADFUNC.BO.* STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
BADFUNC.BO.* API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
BADFUNC.BO.OEMTOCHAR STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCAT STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCATCHAINW STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCMP STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRCPY STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRLEN STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.BO.STRTRNS STR07-C. Use the bounds-checking interfaces for string manipulation
BADFUNC.CHROOT POS05-C. Limit access to files by creating a jail
BADFUNC.CREATEPROCESS WIN02-C. Restrict privileges when spawning child processes
BADFUNC.CREATETHREAD WIN02-C. Restrict privileges when spawning child processes
BADFUNC.LONGJMP MSC22-C. Use the setjmp(), longjmp() facility securely
BADFUNC.MEMSET MSC06-C. Beware of compiler optimizations
BADFUNC.PATH.* FIO02-C. Canonicalize path names originating from tainted sources
BADFUNC.PATH.AFXLOADLIBRARY WIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.COLOADLIBRARY WIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.LOADLIBRARY WIN00-C. Be specific when dynamically loading libraries
BADFUNC.PATH.SYSTEM ENV33-C. Do not call system()
BADFUNC.RANDOM.RAND CON33-C. Avoid race conditions when using library functions
BADFUNC.RANDOM.RAND MSC30-C. Do not use the rand() function for generating pseudorandom numbers
BADFUNC.SETJMP MSC22-C. Use the setjmp(), longjmp() facility securely
BADFUNC.SIGNAL SIG34-C. Do not call signal() from within interruptible signal handlers
BADFUNC.SIGNAL CON37-C. Do not call signal() in a multithreaded program
BADFUNC.SIGNAL SIG00-C. Mask signals handled by noninterruptible signal handlers
BADFUNC.SIGNAL SIG01-C. Understand implementation-specific details regarding signal handler persistence
BADFUNC.SIGNAL SIG02-C. Avoid using signals to implement normal functionality
BADFUNC.TEMP.* FIO01-C. Be careful using functions that use file names for identification
BADFUNC.TEMP.* FIO21-C. Do not create temporary files in shared directories
BADFUNC.TEMP.TMPNAM CON33-C. Avoid race conditions when using library functions
BADFUNC.TTYNAME CON33-C. Avoid race conditions when using library functions
BADFUNC.VFORK POS33-C. Do not use vfork()
BADMACRO.STDARG_H EXP47-C. Do not call va_arg with an argument of the incorrect type
BUILD.WALL MSC00-C. Compile cleanly at high warning levels
BUILD.WERROR MSC00-C. Compile cleanly at high warning levels
CONCURRENCY.DATARACE SIG31-C. Do not access shared objects in signal handlers
CONCURRENCY.DATARACE CON32-C. Prevent data races when accessing bit-fields from multiple threads
CONCURRENCY.DATARACE CON43-C. Do not allow data races in multithreaded code
CONCURRENCY.DATARACE POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
CONCURRENCY.LOCK.NOLOCK CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
CONCURRENCY.LOCK.NOUNLOCK CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
CONCURRENCY.LOCK.ORDER CON35-C. Avoid deadlock by locking in a predefined order
CONCURRENCY.LOCK.ORDER POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
CONCURRENCY.STARVE.BLOCKING POS52-C. Do not perform operations that can block while holding a POSIX lock
CONCURRENCY.STARVE.BLOCKING CON05-C. Do not perform operations that can block while holding a lock
DIAG.UNEX.* MSC07-C. Detect and remove dead code
DIAG.UNEX.* MSC12-C. Detect and remove code that has no effect or is never executed
HARDCODED.AUTH MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
HARDCODED.KEY MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
HARDCODED.SALT MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
IO.INJ.COMMAND ENV33-C. Do not call system()
IO.INJ.COMMAND STR02-C. Sanitize data passed to complex subsystems
IO.INJ.FMT FIO30-C. Exclude user input from format strings
IO.INJ.FMT FIO47-C. Use valid format strings
IO.INJ.FMT STR02-C. Sanitize data passed to complex subsystems
IO.INJ.LDAP STR02-C. Sanitize data passed to complex subsystems
IO.INJ.LIB STR02-C. Sanitize data passed to complex subsystems
IO.INJ.SQL STR02-C. Sanitize data passed to complex subsystems
IO.RACE FIO45-C. Avoid TOCTOU race conditions while accessing files
IO.RACE FIO01-C. Be careful using functions that use file names for identification
IO.RACE FIO24-C. Do not open a file that is already open
IO.TAINT.ADDR INT04-C. Enforce limits on integer values originating from tainted sources
IO.TAINT.FNAME FIO01-C. Be careful using functions that use file names for identification
IO.TAINT.FNAME FIO02-C. Canonicalize path names originating from tainted sources
IO.TAINT.SIZE MEM35-C. Allocate sufficient memory for an object
IO.TAINT.SIZE INT04-C. Enforce limits on integer values originating from tainted sources
IO.TAINT.SIZE MEM05-C. Avoid large stack allocations
IO.TAINT.SIZE MEM11-C. Do not assume infinite heap space
IO.UAC FIO46-C. Do not access a closed file
LANG.ARITH.BIGSHIFT INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
LANG.ARITH.DIVZERO INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
LANG.ARITH.NEGSHIFT INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
LANG.CAST.COERCE INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.COERCE FIO34-C. Distinguish between characters read from a file and EOF or WEOF
LANG.CAST.COERCE API07-C. Enforce type safety
LANG.CAST.COERCE INT02-C. Understand integer conversion rules
LANG.CAST.COERCE INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.CAST.PC.AV INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.PC.CONST2PTR INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.PC.CONST2PTR INT36-C. Converting a pointer to integer or integer to pointer
LANG.CAST.PC.CRCQ DCL00-C. Const-qualify immutable objects
LANG.CAST.PC.CRCQ EXP05-C. Do not cast away a const qualification
LANG.CAST.PC.INT INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.PC.INT INT36-C. Converting a pointer to integer or integer to pointer
LANG.CAST.RIP EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int
LANG.CAST.VALUE INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.CAST.VALUE API07-C. Enforce type safety
LANG.CAST.VALUE INT02-C. Understand integer conversion rules
LANG.CAST.VALUE INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.FUNCS.APM EXP37-C. Call functions with the correct number and type of arguments
LANG.FUNCS.ASSERTS MSC11-C. Incorporate diagnostic tests using assertions
LANG.FUNCS.IRV ERR33-C. Detect and handle standard library errors
LANG.FUNCS.IRV POS54-C. Detect and handle POSIX library errors
LANG.FUNCS.IRV EXP12-C. Do not ignore values returned by functions
LANG.FUNCS.PROT DCL07-C. Include the appropriate type information in function declarators
LANG.FUNCS.PROT DCL20-C. Explicitly specify void when a function accepts no arguments
LANG.ID.AMBIG DCL02-C. Use visually distinct identifiers
LANG.ID.ND.EXT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.MM DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.MO DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.NEST DCL01-C. Do not reuse variable names in subscopes
LANG.ID.ND.NEST DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.ND.SS DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.EXT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.INT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.TAG DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.ID.NU.TYPE DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.MEM.BO ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.BO STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
LANG.MEM.BO ENV01-C. Do not make assumptions about the size of an environment variable
LANG.MEM.BO EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.BU ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.BU EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.NPD EXP34-C. Do not dereference null pointers
LANG.MEM.TBA INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
LANG.MEM.TBA ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TBA EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.TBA INT04-C. Enforce limits on integer values originating from tainted sources
LANG.MEM.TO ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TO STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
LANG.MEM.TO ENV01-C. Do not make assumptions about the size of an environment variable
LANG.MEM.TO EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.TU ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.MEM.TU EXP08-C. Ensure pointer arithmetic is used correctly
LANG.MEM.UVAR EXP33-C. Do not read uninitialized memory
LANG.PREPROC.HASH PRE05-C. Understand macro replacement when concatenating tokens or performing stringification
LANG.PREPROC.MACROARG PRE32-C. Do not use preprocessor directives in invocations of function-like macros
LANG.PREPROC.MACROEND PRE02-C. Macro replacement lists should be parenthesized
LANG.PREPROC.MACROEND PRE11-C. Do not conclude macro definitions with a semicolon
LANG.PREPROC.MACROSTART PRE02-C. Macro replacement lists should be parenthesized
LANG.PREPROC.PASTE PRE30-C. Do not create a universal character name through concatenation
LANG.PREPROC.PASTE PRE05-C. Understand macro replacement when concatenating tokens or performing stringification
LANG.PREPROC.PASTEHASH PRE30-C. Do not create a universal character name through concatenation
LANG.STRUCT.CONDASSIG EXP45-C. Do not perform assignments in selection statements
LANG.STRUCT.DECL.FAM ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer
LANG.STRUCT.DECL.IF DCL40-C. Do not create incompatible declarations of the same function or object
LANG.STRUCT.DECL.IO DCL40-C. Do not create incompatible declarations of the same function or object
LANG.STRUCT.DECL.MGT DCL23-C. Guarantee that mutually visible identifiers are unique
LANG.STRUCT.DECL.ML DCL04-C. Do not declare more than one variable per declaration
LANG.STRUCT.DECL.RESERVED DCL37-C. Do not declare or define a reserved identifier
LANG.STRUCT.EBS EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement
LANG.STRUCT.EBS MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.INIT.ENUM INT09-C. Ensure enumeration constants map to unique values
LANG.STRUCT.LOOP.FPC FLP30-C. Do not use floating-point variables as loop counters
LANG.STRUCT.LOOP.HR MSC21-C. Use robust loop termination conditions
LANG.STRUCT.LOOP.UB MSC21-C. Use robust loop termination conditions
LANG.STRUCT.MRS MSC37-C. Ensure that control never reaches the end of a non-void function
LANG.STRUCT.NTAD EXP34-C. Do not dereference null pointers
LANG.STRUCT.PARENS EXP00-C. Use parentheses for precedence of operation
LANG.STRUCT.PARITH EXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.PBB ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.STRUCT.PBB EXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.PIT DCL05-C. Use typedefs of non-pointer types only
LANG.STRUCT.PPE ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
LANG.STRUCT.PPE EXP08-C. Ensure pointer arithmetic is used correctly
LANG.STRUCT.RC MSC07-C. Detect and remove dead code
LANG.STRUCT.RC MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.RPL DCL30-C. Declare objects with appropriate storage durations
LANG.STRUCT.SCOPE.FILE DCL15-C. Declare file-scope objects or functions that do not need external linkage as static
LANG.STRUCT.SCOPE.FILE DCL19-C. Minimize the scope of variables and functions
LANG.STRUCT.SCOPE.LOCAL DCL19-C. Minimize the scope of variables and functions
LANG.STRUCT.SE.COND EXP45-C. Do not perform assignments in selection statements
LANG.STRUCT.SE.SIZEOF EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
LANG.STRUCT.SW.MB MSC17-C. Finish every set of statements associated with a case label with a break statement
LANG.STRUCT.SW.MPC MSC20-C. Do not use a switch statement to transfer control into a complex block
LANG.STRUCT.UA MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UC MSC07-C. Detect and remove dead code
LANG.STRUCT.UC MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UPD EXP34-C. Do not dereference null pointers
LANG.STRUCT.UPD API00-C. Functions should validate their parameters
LANG.STRUCT.USEASSIGN EXP45-C. Do not perform assignments in selection statements
LANG.STRUCT.UULABEL MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUMACRO MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUPARAM MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUTAG MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUTYPE MSC12-C. Detect and remove code that has no effect or is never executed
LANG.STRUCT.UUVAL MSC13-C. Detect and remove unused values
LANG.STRUCT.UUVAR MSC12-C. Detect and remove code that has no effect or is never executed
LANG.TYPE.AWID INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.TYPE.BASIC INT01-C. Use rsize_t or size_t for all integer values representing the size of an object
LANG.TYPE.BFSIGN INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression
LANG.TYPE.CSUF DCL16-C. Use "L," not "l," to indicate a long value
LANG.TYPE.IAT STR04-C. Use plain char for characters in the basic character set
LANG.TYPE.ICA STR04-C. Use plain char for characters in the basic character set
LANG.TYPE.IOT EXP46-C. Do not use a bitwise operator with a Boolean-like operand
LANG.TYPE.IOT INT07-C. Use only explicitly signed or unsigned char type for numeric values
LANG.TYPE.IOT INT13-C. Use bitwise operators only on unsigned operands
LANG.TYPE.IOT STR04-C. Use plain char for characters in the basic character set
LANG.TYPE.MOT FLP06-C. Convert integers to floating point for floating-point operations
LANG.TYPE.MOT STR04-C. Use plain char for characters in the basic character set
LANG.TYPE.NCS STR05-C. Use pointers to const when referring to string literals
LANG.TYPE.OC DCL18-C. Do not begin integer constants with 0 when specifying a decimal value
LANG.TYPE.OWID INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.TYPE.RESTRICT EXP43-C. Avoid undefined behavior when using restrict-qualified pointers
MISC.CRYPTO.NOPAD MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
MISC.FMT FIO30-C. Exclude user input from format strings
MISC.FMT FIO47-C. Use valid format strings
MISC.MEM.NTERM STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
MISC.MEM.NTERM STR03-C. Do not inadvertently truncate a string
MISC.MEM.SIZE.ADDOFLOW INT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.ADDOFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.ADDOFLOW INT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.ADDOFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.BAD INT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.BAD INT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.BAD MEM35-C. Allocate sufficient memory for an object
MISC.MEM.SIZE.BAD INT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.BAD INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.BAD MEM05-C. Avoid large stack allocations
MISC.MEM.SIZE.BAD MEM11-C. Do not assume infinite heap space
MISC.MEM.SIZE.MULOFLOW INT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.MULOFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.MULOFLOW INT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.MULOFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.SUBUFLOW INT30-C. Ensure that unsigned integer operations do not wrap
MISC.MEM.SIZE.SUBUFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
MISC.MEM.SIZE.SUBUFLOW INT08-C. Verify that all integer values are in range
MISC.MEM.SIZE.SUBUFLOW INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.TRUNC INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
MISC.MEM.SIZE.TRUNC INT02-C. Understand integer conversion rules
MISC.MEM.SIZE.TRUNC INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.NEGCHAR STR34-C. Cast characters to unsigned char before converting to larger integer sizes
MISC.NEGCHAR STR37-C. Arguments to character-handling functions must be representable as an unsigned char
MISC.NEGCHAR INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs
MISC.NEGCHAR STR00-C. Represent characters using an appropriate type
MISC.NOEFFECT MSC12-C. Detect and remove code that has no effect or is never executed
MISC.PWD.PLAIN MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
  • No labels