C checkers | CERT C Secure Coding Standard
ABR | ARR33-C. Guarantee that copies are made into storage of sufficient size
ABV.ITERATOR | ARR30-C. Do not form or use out of bounds pointers or array subscripts
ASSIGCOND.BOOL | MSC02-C. Avoid errors of omission
ASSIGCOND.CALL | EXP18-C. Do not perform assignments in selection statements
ASSIGCOND.CALL | MSC02-C. Avoid errors of omission
ASSIGCOND.GEN | EXP18-C. Do not perform assignments in selection statements
ASSIGCOND.GEN | MSC02-C. Avoid errors of omission
EFFECT | EXP16-C. Do not compare function pointers to constant values
EFFECT | MSC02-C. Avoid errors of omission
EFFECT | MSC12-C. Detect and remove code that has no effect
FNH.MIGHT | MEM34-C. Only free memory allocated dynamically
FNH.MUST | MEM34-C. Only free memory allocated dynamically
FUM.GEN.MIGHT | MEM34-C. Only free memory allocated dynamically
FUM.GEN.MUST | MEM34-C. Only free memory allocated dynamically
IF_DEF_IN_HEADER_DECL | DCL36-C. Do not declare an identifier with conflicting linkage classifications
IF_DUPL_HEADER | PRE08-C. Guarantee that header file names are unique
IF_MISS_DECL | DCL31-C. Declare identifiers before using them
IF_MULTI_DECL | DCL01-C. Do not reuse variable names in subscopes
IF_MULTI_DECL | DCL36-C. Do not declare an identifier with conflicting linkage classifications
IF_MULTI_DEF | DCL01-C. Do not reuse variable names in subscopes
IF_MULTI_KIND | DCL01-C. Do not reuse variable names in subscopes
INCORRECT.ALLOC_SIZE | EXP01-C. Do not take the size of a pointer to determine the size of the pointed-to type
LA_UNUSED | MSC01-C. Strive for logical completeness
LOCRET.* | DCL30-C. Declare objects with appropriate storage durations
LV_UNUSED.GEN | MSC07-C. Detect and remove dead code
MLK | MEM31-C. Free dynamically allocated memory exactly once
NNTS | STR03-C. Do not inadvertently truncate a null-terminated byte string
NNTS | STR32-C. Null-terminate byte strings as required
NNTS.TAINTED | STR02-C. Sanitize data passed to complex subsystems
NNTS.TAINTED | STR35-C. Do not copy data from an unbounded source to a fixed-length array
NPD.* RNPD. | EXP34-C. Do not dereference null pointers
PRECISION.LOSS | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
RETVOID.IMPLICIT | DCL31-C. Declare identifiers before using them
RH.LEAK | FIO42-C. Ensure files are properly closed when they are no longer needed
SEMICOL | EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement
SEMICOL | MSC03-C. Avoid errors of addition
SV.CODE_INJECTION.SHELL_EXEC | ENV04-C. Do not call system() if you do not need a command processor
SV.CUDS.MISSING_ABSOLUTE_PATH | FIO02-C. Canonicalize path names originating from untrusted sources
SV.FIU.PERMISSIONS | POS36-C. Observe correct revocation order while relinquishing privileges
SV.FIU.PERMISSIONS | POS37-C. Ensure that privilege relinquishment is successful
SV.FMT_STR.BAD_SCAN_FORMAT | STR33-C. Size wide character strings correctly
SV.FMTSTR.GENERIC | FIO30-C. Exclude user input from format strings
SV.RVT.RETVAL_NOTTESTED | EXP12-C. Do not ignore values returned by functions
SV.STRBO.GETS | STR35-C. Do not copy data from an unbounded source to a fixed-length array
SV.TAINTED.FMTSTR | FIO30-C. Exclude user input from format strings
SV.TAINTED.INJECTION | ENV04-C. Do not call system() if you do not need a command processor
SV.TAINTED.INJECTION | STR02-C. Sanitize data passed to complex subsystems
SV.TAINTED.LOOP_BOUND | ARR30-C. Do not form or use out of bounds pointers or array subscripts
SV.TOCTOU.FILE_ACCESS | FIO01-C. Be careful using functions that use file names for identification
SV.USAGERULES.PERMISSIONS | POS36-C. Observe correct revocation order while relinquishing privileges
SV.USAGERULES.PERMISSIONS | POS37-C. Ensure that privilege relinquishment is successful
SV.USAGERULES.PROCESS_VARIANTS | POS33-C. Do not use vfork()
SV.USAGERULES.UNBOUNDED_STRING_COPY | STR35-C. Do not copy data from an unbounded source to a fixed-length array
SV.USAGERULES.UNINTENDED_COPY | MEM03-C. Clear sensitive information stored in reusable resources
UFM.DEREF.MIGHT | MEM30-C. Do not access freed memory
UFM.DEREF.MUST | MEM30-C. Do not access freed memory
UFM.FFM | MEM31-C. Free dynamically allocated memory exactly once
UFM.RETURN.MIGHT | MEM30-C. Do not access freed memory
UFM.RETURN.MUST | MEM30-C. Do not access freed memory
UFM.USE.MIGHT | MEM30-C. Do not access freed memory
UFM.USE.MUST | MEM30-C. Do not access freed memory
UNINIT.HEAP.MIGHT | EXP33-C. Do not reference uninitialized memory
UNINIT.HEAP.MUST | EXP33-C. Do not reference uninitialized memory
UNINIT.STACK.ARRAY.MIGHT | EXP33-C. Do not reference uninitialized memory
UNINIT.STACK.ARRAY.MUST | EXP33-C. Do not reference uninitialized memory
UNINIT.STACK.ARRAY.PARTIAL.MUST | EXP33-C. Do not reference uninitialized memory
UNINIT.STACK.MUST | EXP33-C. Do not reference uninitialized memory
<unknown> | ARR30-C. Do not form or use out of bounds pointers or array subscripts
<unknown> | DCL01-C. Do not reuse variable names in subscopes
<unknown> | DCL01-C. Do not reuse variable names in subscopes
<unknown> | DCL30-C. Declare objects with appropriate storage durations
<unknown> | DCL30-C. Declare objects with appropriate storage durations
<unknown> | DCL31-C. Declare identifiers before using them
<unknown> | DCL36-C. Do not declare an identifier with conflicting linkage classifications
<unknown> | ENV04-C. Do not call system() if you do not need a command processor
<unknown> | ENV04-C. Do not call system() if you do not need a command processor
<unknown> | EXP18-C. Do not perform assignments in selection statements
<unknown> | EXP33-C. Do not reference uninitialized memory
<unknown> | EXP33-C. Do not reference uninitialized memory
<unknown> | EXP33-C. Do not reference uninitialized memory
<unknown> | EXP33-C. Do not reference uninitialized memory
<unknown> | EXP33-C. Do not reference uninitialized memory
<unknown> | FIO30-C. Exclude user input from format strings
<unknown> | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
<unknown> | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
<unknown> | MEM30-C. Do not access freed memory
<unknown> | MEM30-C. Do not access freed memory
<unknown> | MEM30-C. Do not access freed memory
<unknown> | MEM30-C. Do not access freed memory
<unknown> | MEM30-C. Do not access freed memory
<unknown> | MEM30-C. Do not access freed memory
<unknown> | MEM30-C. Do not access freed memory
<unknown> | MEM30-C. Do not access freed memory
<unknown> | MEM30-C. Do not access freed memory
<unknown> | MEM30-C. Do not access freed memory
<unknown> | MEM30-C. Do not access freed memory
<unknown> | MEM31-C. Free dynamically allocated memory exactly once
<unknown> | MEM31-C. Free dynamically allocated memory exactly once
<unknown> | MEM31-C. Free dynamically allocated memory exactly once
<unknown> | MEM31-C. Free dynamically allocated memory exactly once
<unknown> | MEM34-C. Only free memory allocated dynamically
<unknown> | MEM34-C. Only free memory allocated dynamically
<unknown> | MEM34-C. Only free memory allocated dynamically
<unknown> | MEM34-C. Only free memory allocated dynamically
<unknown> | MEM34-C. Only free memory allocated dynamically
<unknown> | MSC02-C. Avoid errors of omission
<unknown> | MSC02-C. Avoid errors of omission
<unknown> | MSC02-C. Avoid errors of omission
<unknown> | MSC02-C. Avoid errors of omission
<unknown> | MSC07-C. Detect and remove dead code
<unknown> | MSC07-C. Detect and remove dead code
<unknown> | MSC13-C. Detect and remove unused values
<unknown> | POS36-C. Observe correct revocation order while relinquishing privileges
<unknown> | POS37-C. Ensure that privilege relinquishment is successful
<unknown> | STR02-C. Sanitize data passed to complex subsystems
<unknown> | STR02-C. Sanitize data passed to complex subsystems
<unknown> | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
<unknown> | STR35-C. Do not copy data from an unbounded source to a fixed-length array
<unknown> | STR35-C. Do not copy data from an unbounded source to a fixed-length array
<unknown> | STR35-C. Do not copy data from an unbounded source to a fixed-length array
<unknown> | STR35-C. Do not copy data from an unbounded source to a fixed-length array
UNREACH.* | MSC07-C. Detect and remove dead code
VA_UNUSED.* | MSC07-C. Detect and remove dead code