SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 85

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 86

changes.mady.by.user Arthur Hicken

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added parasoft

...

Conversion of character data resulting in a value in excess of UCHAR_MAX is an often-missed error that can result in a disturbingly broad range of potentially severe vulnerabilities.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR34-C

Medium

Probable

Medium

P8

L2

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
MISC.NEGCHARNegative Character Value
Compass/ROSE
  


Can detect violations of this rule when checking for violations of INT07-C. Use only explicitly signed or unsigned char type for numeric values

Coverity
Include Page
Coverity_V
Coverity_V

MISRA C 2012 Rule 10.1

MISRA C 2012 Rule 10.2

MISRA C 2012 Rule 10.3

MISRA C 2012 Rule 10.4

Implemented

Essential type checkers

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.STR34

Fully implemented
GCC

2.95 and later

-Wchar-subscripts

Detects objects of type char used as array indices

LDRA tool suite
Include Page
LDRA_V
LDRA_V

434 S

Partially implemented
Parasoft C/C++test10.3MISRA2004-10_1_b MISRA2004-10_2_a MISRA2004-11_4
PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v
4413, 4414Fully implemented
 PRQA QA-C++ 4.23051 
 

Related Vulnerabilities

CVE-2009-0887 results from a violation of this rule. In Linux PAM (up to version 1.0.3), the libpam implementation of strtok() casts a (potentially signed) character to an integer for use as an index to an array. An attacker can exploit this vulnerability by inputting a string with non-ASCII characters, causing the cast to result in a negative index and accessing memory outside of the array [xorl 2009].

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding StandardSTR37-C. Arguments to character-handling functions must be representable as an unsigned char
STR04-C. Use plain char for characters in the basic character set
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ISO/IEC TS 17961:2013Conversion of signed characters to wider integer types before a check for EOF [signconv]
MISRA-C:2012

Rule 10.1 (required)

Rule 10.2 (required)

Rule 10.3 (required)

Rule 10.4 (required)

MITRE CWECWE-704, Incorrect Type Conversion or Cast

Bibliography

[xorl 2009]CVE-2009-0887: Linux-PAM Signedness Issue

...


...