SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 52 Next »

Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code.

According to the C Standard, section 5.1.1.3 [ISO/IEC 9899:2011],

A conforming implementation shall produce at least one diagnostic message (identified in an implementation-defined manner) if a preprocessing translation unit or translation unit contains a violation of any syntax rule or constraint, even if the behavior is also explicitly specified as undefined or implementation-defined. Diagnostic messages need not be produced in other circumstances.

Assuming a conforming implementation, eliminating diagnostic messages will eliminate any syntactic or constraint violations.

If suitable source code–checking tools are available, use them regularly.

Exceptions

MSC00-EX1: Compilers can produce diagnostic messages for correct code, as is permitted by C [ISO/IEC 9899:2011]. It is usually preferable to rewrite code to eliminate compiler warnings, but if the code is correct, it is sufficient to provide a comment explaining why the warning message does not apply. Some compilers provide ways to suppress warnings, such as suitably formatted comments or pragmas, which can be used sparingly when the programmer understands the implications of the warning but has good reason to use the flagged construct anyway.

Do not simply quiet warnings by adding type casts or other means. Instead, understand the reason for the warning and consider a better approach, such as using matching types and avoiding type casts whenever possible.

Risk Assessment

Eliminating violations of syntax rules and other constraints can eliminate serious software vulnerabilities that can lead to the execution of arbitrary code with the permissions of the vulnerable process.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC00-C

medium

probable

medium

P8

L2

 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: MSC00-CPP. Compile cleanly at high warning levels

ISO/IEC 9899:2011Section 5.1.1.3, "Diagnostics"

MITRE CWE: CWE-563, "Unused variable"

MITRE CWE: CWE-570, "Expression is always false"

MITRE CWE: CWE-571, "Expression is always true"

Sources

[Sutter 2005] Item 1
[Seacord 2005a] Chapter 8, "Recommended Practices"

  • No labels