SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 44

changes.mady.by.user Jill Britton

Saved on

compared with

New Version 45

changes.mady.by.user Anirban Gangopadhyay

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-FIO34
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.CAST.COERCECoercion alters value
Compass/ROSE




Coverity
Include Page
Coverity_V
Coverity_V

CHAR_IO

Identifies defects when the return value of fgetc()getc(), or getchar() is incorrectly assigned to a char instead of an int. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary

ECLAIR1.2

CC2.FIO34

Partially implemented

Klocwork
Include Page
Klocwork_V
Klocwork_V
CWARN.CMPCHR.EOF
LDRA tool suite
Include Page
LDRA_V
LDRA_V
662 S
Fully implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-FIO34-a

Avoid implicit conversions from wider to narrower types

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

Character value absorbed into EOF

MISRA C:2012 Rule 22.7


Data type conversion makes a valid character value same as End-of-File (EOF)

The macro EOF shall only be compared with the unmodified return value from any Standard Library function capable of returning EOFChecks for character values absorbed into EOF (rule partially covered)

PRQA QA-C

Include Page
PRQA QA-C_v
PRQA QA-C_v

2676, 2678
PRQA QA-C++

Include Page
cplusplus:PRQA QA-C++_V
cplusplus:PRQA QA-C++_V

3001, 3010, 3051, 3137, 3717 
Splint3.1.1



Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

CERT C Secure Coding StandardSTR00-C. Represent characters using an appropriate typePrior to 2018-01-12: CERT: Unspecified Relationship
CERT C Secure Coding StandardINT31-C. Ensure that integer conversions do not result in lost or misinterpreted dataPrior to 2018-01-12: CERT: Unspecified Relationship
CERT Oracle Secure Coding Standard for JavaFIO08-J. Use an int to capture the return value of methods that read a character or bytePrior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013Using character values that are indistinguishable from EOF [chreof]Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-1972017-06-14: CERT: Rule subset of CWE

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-197 and FIO34-C

Independent( FLP34-C, INT31-C) FIO34-C = Subset( INT31-C)

Therefore: FIO34-C = Subset( CWE-197)

Bibliography

[Kettlewell 2002]Section 1.2, "<stdio.h> and Character Types"
[NIST 2006]SAMATE Reference Dataset Test Case ID 000-000-088
[Summit 2005]Question 12.2