C checkers |
CERT C Secure Coding Standard |
<> |
STR34-C. Cast characters to unsigned char before converting to larger integer sizes |
<unknown> |
ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array |
<unknown> |
ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
<unknown> |
ARR30-C. Do not form or use out of bounds pointers or array subscripts |
<unknown> |
ARR33-C. Guarantee that copies are made into storage of sufficient size |
<unknown> |
ARR37-C. Do not add or subtract an integer to a pointer to a non-array object |
<unknown> |
CON33-C. Avoid race conditions when using library functions |
<unknown> |
DCL00-C. Const-qualify immutable objects |
<unknown> |
DCL01-C. Do not reuse variable names in subscopes |
<unknown> |
DCL02-C. Use visually distinct identifiers |
<unknown> |
DCL03-C. Use a static assertion to test the value of a constant expression |
<unknown> |
DCL05-C. Use typedefs to improve code readability |
<unknown> |
DCL06-C. Use meaningful symbolic constants to represent literal values |
<unknown> |
DCL11-C. Understand the type issues associated with variadic functions |
<unknown> |
DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
<unknown> |
DCL30-C. Declare objects with appropriate storage durations |
<unknown> |
DCL31-C. Declare identifiers before using them |
<unknown> |
DCL32-C. Guarantee that mutually visible identifiers are unique |
<unknown> |
DCL37-C. Do not declare or define a reserved identifier |
<unknown> |
DCL38-C. Use the correct syntax when declaring flexible array members |
<unknown> |
ENV00-C. Do not store the pointer to the string returned by getenv() |
<unknown> |
ENV01-C. Do not make assumptions about the size of an environment variable |
<unknown> |
ENV02-C. Beware of multiple environment variables with the same effective name |
<unknown> |
ENV04-C. Do not call system() if you do not need a command processor |
<unknown> |
ENV30-C. Do not modify the object referenced by the return value of certain functions |
<unknown> |
ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it |
<unknown> |
ENV32-C. All atexit handlers must return normally |
<unknown> |
ERR05-C. Application-independent code should provide error detection without dictating error handling |
<unknown> |
ERR06-C. Understand the termination behavior of assert() and abort() |
<unknown> |
ERR32-C. Do not rely on indeterminate values of errno |
<unknown> |
EXP01-C. Do not take the size of a pointer to determine the size of the pointed-to type |
<unknown> |
EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators |
<unknown> |
EXP04-C. Do not perform byte-by-byte comparisons involving a structure |
<unknown> |
EXP05-C. Do not cast away a const qualification |
<unknown> |
EXP06-C. Operands to the sizeof operator should not contain side effects |
<unknown> |
EXP09-C. Use sizeof to determine the size of a type or variable |
<unknown> |
EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place |
<unknown> |
EXP11-C. Do not apply operators expecting one type to data of an incompatible type |
<unknown> |
EXP12-C. Do not ignore values returned by functions |
<unknown> |
EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int |
<unknown> |
EXP18-C. Do not perform assignments in selection statements |
<unknown> |
EXP30-C. Do not depend on order of evaluation between sequence points |
<unknown> |
EXP32-C. Do not access a volatile object through a non-volatile reference |
<unknown> |
EXP33-C. Do not reference uninitialized memory |
<unknown> |
EXP34-C. Do not dereference null pointers |
<unknown> |
EXP36-C. Do not convert pointers into more strictly aligned pointer types |
<unknown> |
EXP37-C. Call functions with the arguments intended by the API |
<unknown> |
FIO01-C. Be careful using functions that use file names for identification |
<unknown> |
FIO02-C. Canonicalize path names originating from untrusted sources |
<unknown> |
FIO04-C. Detect and handle input and output errors |
<unknown> |
FIO05-C. Identify files using multiple file attributes |
<unknown> |
FIO07-C. Prefer fseek() to rewind() |
<unknown> |
FIO08-C. Take care when calling remove() on an open file |
<unknown> |
FIO09-C. Be careful with binary data when transferring data across systems |
<unknown> |
FIO11-C. Take care when specifying the mode parameter of fopen() |
<unknown> |
FIO12-C. Prefer setvbuf() to setbuf() |
<unknown> |
FIO13-C. Never push back anything other than one read character |
<unknown> |
FIO30-C. Exclude user input from format strings |
<unknown> |
FIO32-C. Do not perform operations on devices that are only appropriate for files |
<unknown> |
FIO33-C. Detect and handle input output errors resulting in undefined behavior |
<unknown> |
FIO34-C. Use int to capture the return value of character IO functions |
<unknown> |
FIO37-C. Do not assume that fgets() returns a nonempty string when successful |
<unknown> |
FIO38-C. Do not use a copy of a FILE object for input and output |
<unknown> |
FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
<unknown> |
FIO42-C. Ensure files are properly closed when they are no longer needed |
<unknown> |
FIO43-C. Do not create temporary files in shared directories |
<unknown> |
FIO44-C. Only use values for fsetpos() that are returned from fgetpos() |
<unknown> |
FLP02-C. Avoid using floating point numbers when precise computation is needed |
<unknown> |
FLP03-C. Detect and handle floating point errors |
<unknown> |
FLP30-C. Do not use floating point variables as loop counters |
<unknown> |
FLP33-C. Convert integers to floating point for floating point operations |
<unknown> |
FLP34-C. Ensure that floating point conversions are within range of the new type |
<unknown> |
INT01-C. Use rsize_t or size_t for all integer values representing the size of an object |
<unknown> |
INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs |
<unknown> |
INT06-C. Use strtol() or a related function to convert a string token to an integer |
<unknown> |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
<unknown> |
INT08-C. Verify that all integer values are in range |
<unknown> |
INT09-C. Ensure enumeration constants map to unique values |
<unknown> |
INT11-C. Take care when converting from pointer to integer or integer to pointer |
<unknown> |
INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression |
<unknown> |
INT13-C. Use bitwise operators only on unsigned operands |
<unknown> |
INT14-C. Avoid performing bitwise and arithmetic operations on the same data |
<unknown> |
INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types |
<unknown> |
INT30-C. Ensure that unsigned integer operations do not wrap |
<unknown> |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
<unknown> |
INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors |
<unknown> |
INT34-C. Do not shift a negative number of bits or more bits than exist in the operand |
<unknown> |
INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
<unknown> |
MEM00-C. Allocate and free memory in the same module, at the same level of abstraction |
<unknown> |
MEM01-C. Store a new value in pointers immediately after free() |
<unknown> |
MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
<unknown> |
MEM03-C. Clear sensitive information stored in reusable resources |
<unknown> |
MEM04-C. Do not perform zero length allocations |
<unknown> |
MEM07-C. Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t |
<unknown> |
MEM08-C. Use realloc() only to resize dynamically allocated arrays |
<unknown> |
MEM30-C. Do not access freed memory |
<unknown> |
MEM31-C. Free dynamically allocated memory exactly once |
<unknown> |
MEM32-C. Detect and handle memory allocation errors |
<unknown> |
MEM33-C. Allocate and copy structures containing flexible array members dynamically |
<unknown> |
MEM34-C. Only free memory allocated dynamically |
<unknown> |
MEM35-C. Allocate sufficient memory for an object |
<unknown> |
MSC01-C. Strive for logical completeness |
<unknown> |
MSC02-C. Avoid errors of omission |
<unknown> |
MSC03-C. Avoid errors of addition |
<unknown> |
MSC05-C. Do not manipulate time_t typed values directly |
<unknown> |
MSC17-C. Finish every set of statements associated with a case label with a break statement |
<unknown> |
MSC21-C. Use robust loop termination conditions |
<unknown> |
MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
<unknown> |
MSC31-C. Ensure that return values are compared against the proper type |
<unknown> |
MSC32-C. Ensure your random number generator is properly seeded |
<unknown> |
POS01-C. Check for the existence of links when dealing with files |
<unknown> |
POS30-C. Use the readlink() function properly |
<unknown> |
POS33-C. Do not use vfork() |
<unknown> |
POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument |
<unknown> |
POS35-C. Avoid race conditions while checking for the existence of a symbolic link |
<unknown> |
POS36-C. Observe correct revocation order while relinquishing privileges |
<unknown> |
SIG01-C. Understand implementation-specific details regarding signal handler persistence |
<unknown> |
SIG30-C. Call only asynchronous-safe functions within signal handlers |
<unknown> |
SIG31-C. Do not access or modify shared objects in signal handlers |
<unknown> |
SIG32-C. Do not call longjmp() from inside a signal handler |
<unknown> |
SIG33-C. Do not recursively invoke the raise() function |
<unknown> |
SIG34-C. Do not call signal() from within interruptible signal handlers |
<unknown> |
STR03-C. Do not inadvertently truncate a null-terminated byte string |
<unknown> |
STR04-C. Use plain char for characters in the basic character set |
<unknown> |
STR05-C. Use pointers to const when referring to string literals |
<unknown> |
STR06-C. Do not assume that strtok() leaves the parse string unchanged |
<unknown> |
STR30-C. Do not attempt to modify string literals |
<unknown> |
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
<unknown> |
STR32-C. Null-terminate byte strings as required |
<unknown> |
STR33-C. Size wide character strings correctly |
<unknown> |
STR35-C. Do not copy data from an unbounded source to a fixed-length array |
<unknown> |
STR36-C. Do not specify the bound of a character array initialized with a string literal |
<unknown> |
STR37-C. Arguments to character handling functions must be representable as an unsigned char |
