
Description

A programmer should check for the following conditions before calling a library function that takes a pointer together with a size:

- 'n' > size of 'p'                                              // for func(p, n)
- 'n' and 'p' are not compatible
- 'n' > size of 'p' or size of 'q', or 'p' and 'q' are not compatible   // for func(p, q, n)
- 'p' and 'q' are compatible with each other but not with 'n'
- Correct usage of expression E                                  // for E: T* = mem_alloc(n)

 

Non-Compliant Code Example

            // NCCE example

   *Remember to follow the desired coding style

Compliant Solution

            // CS example

   *Remember to follow the desired coding style
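The following is an added illustration of the first and last checks in the description (the 'n' > size of 'p' case for func(p, n), and the mem_alloc expression); it is example code written for this page, not the rule's own NCCE/CS, and the function names copy_unchecked, copy_checked and alloc_array are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Non-compliant form: the caller-supplied length 'n' is handed straight
 * to the library function. If n is larger than the object dest points
 * to, memcpy writes past the end of dest (heap or stack overflow). */
void copy_unchecked(char *dest, const char *src, size_t n) {
    memcpy(dest, src, n); /* no check that n <= sizeof(*dest object) */
}

/* Compliant form: the real capacity of dest travels with the pointer and
 * is compared against n before any library call is made.
 * Returns 0 on success, -1 if the copy would overflow dest. */
int copy_checked(char *dest, size_t dest_size, const char *src, size_t n) {
    if (dest == NULL || src == NULL) {
        return -1;
    }
    if (n > dest_size) {          /* the 'n' > size of 'p' check */
        return -1;
    }
    memcpy(dest, src, n);
    return 0;
}

/* Compliant allocation expression T* = mem_alloc(n): the element count and
 * element size are checked for multiplication overflow so the allocated
 * block really is large enough for 'count' elements. Returns NULL on
 * overflow or allocation failure. */
void *alloc_array(size_t count, size_t elem_size) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) {
        return NULL;              /* count * elem_size would wrap around */
    }
    return malloc(count * elem_size);
}

/* Helper for a constructed demonstration: copies a 4-byte constructed
 * payload into a 16-byte buffer and reports whether the checked copy
 * accepted it and preserved the bytes. */
int demo_checked_copy(void) {
    char buf[16];
    const char payload[4] = {'A', 'B', 'C', 'D'}; /* constructed input */
    if (copy_checked(buf, sizeof buf, payload, sizeof payload) != 0) {
        return 0;
    }
    return memcmp(buf, payload, sizeof payload) == 0;
}
```

The compliant copy rejects the call instead of overflowing, which is the point at which a static checker can flag the missing comparison automatically while the fix itself stays manual.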

 

Risk Assessment

Depending on the library function called, an attacker may be able to exploit the resulting heap overflow to run arbitrary code. Detection of the checks listed in the description can be automated, but remediation must be done manually.

| Rule     | Severity | Likelihood | Remediation Cost | Priority | Level |
|----------|----------|------------|------------------|----------|-------|
| ARR38-C  | high     | likely     | medium           | P18      | L1    |

Related Guidelines

Bibliography
