...
Tool | Version | Checker | Description | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| char-sign-conversion | Fully checked | ||||||||||
| Axivion Bauhaus Suite |
| CertC-STR34 | Fully implemented | ||||||||||
| CodeSonar |
| MISC.NEGCHAR | Negative Character Value | ||||||||||
| Compass/ROSE | Can detect violations of this rule when checking for violations of INT07-C. Use only explicitly signed or unsigned char type for numeric values | ||||||||||||
| Coverity |
| MISRA C 2012 Rule 10.1 MISRA C 2012 Rule 10.2 MISRA C 2012 Rule 10.3 MISRA C 2012 Rule 10.4 | Implemented Essential type checkers | ||||||||||
| CC2.STR34 | Fully implemented | |||||||||||
| GCC | 2.95 and later | Detects objects of type | |||||||||||
| Helix QAC |
| ||||||||||||
| LDRA tool suite |
| 434 S | Partially implemented | ||||||||||
| Parasoft C/C++test |
| CERT_C-STR34-b | Cast characters to unsigned char before assignment to larger integer sizes | ||||||||||
| PC-lint Plus |
| 571 | Partially supported | ||||||||||
| CERT C: Rule STR34-C | Checks for misuse of sign-extended character value (rule fully covered) | |||||||||||
| PRQA QA-C |
| 2140, 2141, 2143, 2144, 2145, 2147, 2148, 2149, 2151, 2152, 2153, 2155 | Fully implemented | ||||||||||
| PRQA QA-C++ |
| 3051 | |||||||||||
| RuleChecker |
| char-sign-conversion | Fully checked | ||||||||||
| TrustInSoft Analyzer |
| out of bounds read | Partially verified (exhaustively detects undefined behavior). | Helix QAC | | Include Page | | Helix QAC_V | Helix QAC_V
Related Vulnerabilities
CVE-2009-0887 results from a violation of this rule. In Linux PAM (up to version 1.0.3), the libpam implementation of strtok() casts a (potentially signed) character to an integer for use as an index to an array. An attacker can exploit this vulnerability by inputting a string with non-ASCII characters, causing the cast to result in a negative index and accessing memory outside of the array [xorl 2009].
...