SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Generated Content

This page is automatically generated from the "Automated Detection" sections in the individual guidelines. Do not modify this page directly.

Version number

V. 9.1

C checkers

CERT C Secure Coding Standard

UFM.DEREF.MUST

MEM30-C. Do not access freed memory

UNINIT.STACK.ARRAY.PARTIAL.MUST

EXP33-C. Do not reference uninitialized memory

SV.TAINTED.LOOP_BOUND

ARR30-C. Do not form or use out of bounds pointers or array subscripts

FUM.GEN.MIGHT

MEM34-C. Only free memory allocated dynamically

SV.STRBO.GETS

STR35-C. Do not copy data from an unbounded source to a fixed-length array

SV.RVT.RETVAL_NOTTESTED

EXP12-C. Do not ignore values returned by functions

SV.FMTSTR.GENERIC

FIO30-C. Exclude user input from format strings

UFM.RETURN.MUST

MEM30-C. Do not access freed memory

UNINIT.STACK.ARRAY.MUST

EXP33-C. Do not reference uninitialized memory

IF_DUPL_HEADER

PRE08-C. Guarantee that header file names are unique

UFM.FFM

MEM31-C. Free dynamically allocated memory exactly once

LOCRET.*

DCL30-C. Declare objects with appropriate storage durations

ASSIGCOND.GEN

MSC02-C. Avoid errors of omission

ASSIGCOND.CALL

MSC02-C. Avoid errors of omission

UNINIT.STACK.ARRAY.MIGHT

EXP33-C. Do not reference uninitialized memory

SV.CUDS.MISSING_ABSOLUTE_PATH

FIO02-C. Canonicalize path names originating from untrusted sources

UFM.USE.MIGHT

MEM30-C. Do not access freed memory

FNH.MIGHT

MEM34-C. Only free memory allocated dynamically

PRECISION.LOSS

INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data

ABV.ITERATOR

ARR30-C. Do not form or use out of bounds pointers or array subscripts

SV.FIU.PERMISSIONS

POS37-C. Ensure that privilege relinquishment is successful

IF_MULTI_KIND

DCL01-C. Do not reuse variable names in subscopes

UFM.RETURN.MIGHT

MEM30-C. Do not access freed memory

NPD.* RNPD.

EXP34-C. Do not dereference null pointers

LV_UNUSED.GEN

MSC07-C. Detect and remove dead code

SV.FMT_STR.BAD_SCAN_FORMAT

STR33-C. Size wide character strings correctly

ASSIGCOND.BOOL

MSC02-C. Avoid errors of omission

SV.USAGERULES.PERMISSIONS

POS37-C. Ensure that privilege relinquishment is successful

SV.TAINTED.INJECTION

STR02-C. Sanitize data passed to complex subsystems

MLK

MEM31-C. Free dynamically allocated memory exactly once

UNINIT.HEAP.MUST

EXP33-C. Do not reference uninitialized memory

EFFECT

MSC12-C. Detect and remove code that has no effect

SV.USAGERULES.PROCESS_VARIANTS

POS33-C. Do not use vfork()

IF_MULTI_DECL

DCL36-C. Do not declare an identifier with conflicting linkage classifications

ABR

ARR33-C. Guarantee that copies are made into storage of sufficient size

IF_MULTI_DEF

DCL01-C. Do not reuse variable names in subscopes

NNTS.TAINTED

STR35-C. Do not copy data from an unbounded source to a fixed-length array

UNINIT.HEAP.MIGHT

EXP33-C. Do not reference uninitialized memory

IF_DEF_IN_HEADER_DECL

DCL36-C. Do not declare an identifier with conflicting linkage classifications

SV.USAGERULES.UNBOUNDED_STRING_COPY

STR35-C. Do not copy data from an unbounded source to a fixed-length array

FUM.GEN.MUST

MEM34-C. Only free memory allocated dynamically

UFM.USE.MUST

MEM30-C. Do not access freed memory

SV.TAINTED.FMTSTR

FIO30-C. Exclude user input from format strings

SV.TOCTOU.FILE_ACCESS

FIO01-C. Be careful using functions that use file names for identification

<unknown>

STR35-C. Do not copy data from an unbounded source to a fixed-length array

UFM.DEREF.MIGHT

MEM30-C. Do not access freed memory

FNH.MUST

MEM34-C. Only free memory allocated dynamically

SEMICOL

MSC03-C. Avoid errors of addition

SV.CODE_INJECTION.SHELL_EXEC

ENV04-C. Do not call system() if you do not need a command processor

LA_UNUSED

MSC01-C. Strive for logical completeness

VA_UNUSED.*

MSC07-C. Detect and remove dead code

RETVOID.IMPLICIT

DCL31-C. Declare identifiers before using them

UNINIT.STACK.MUST

EXP33-C. Do not reference uninitialized memory

INCORRECT.ALLOC_SIZE

EXP01-C. Do not take the size of a pointer to determine the size of the pointed-to type

RH.LEAK

FIO42-C. Ensure files are properly closed when they are no longer needed

UNREACH.*

MSC07-C. Detect and remove dead code

IF_MISS_DECL

DCL31-C. Declare identifiers before using them

SV.USAGERULES.UNINTENDED_COPY

MEM03-C. Clear sensitive information stored in reusable resources

NNTS

STR32-C. Null-terminate byte strings as required

  • No labels