Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Axivion Bauhaus Suite | | CertC-FIO34 | |
| CodeSonar | | LANG.CAST.COERCE | Coercion alters value |
| Compass/ROSE | | | |
| Coverity | | CHAR_IO | Identifies defects when the return value of fgetc(), getc(), or getchar() is incorrectly assigned to a char instead of an int. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary. |
| ECLAIR | 1.2 | CC2.FIO34 | Partially implemented |
| Helix QAC | | | |
| Klocwork | | CWARN.CMPCHR.EOF | |
| LDRA tool suite | | 662 S | Fully implemented |
| Parasoft C/C++test | | CERT_C-FIO34-a | The macro EOF should be compared with the unmodified return value from the Standard Library function |
| Polyspace Bug Finder | | CERT C: Rule FIO34-C | Checks for character values absorbed into EOF (rule partially covered) |
| PRQA QA-C | | 2676, 2678 | |
| PRQA QA-C++ | | 2676, 2678, 3001, 3010, 3051, 3137, 3717 | |
| Splint | 3.1.1 | | |



Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C Secure Coding Standard | STR00-C. Represent characters using an appropriate type | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT C Secure Coding Standard | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT Oracle Secure Coding Standard for Java | FIO08-J. Use an int to capture the return value of methods that read a character or byte | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961:2013 | Using character values that are indistinguishable from EOF [chreof] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-197 | 2017-06-14: CERT: Rule subset of CWE |

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-197 and FIO34-C

Independent(FLP34-C, INT31-C)

FIO34-C = Subset(INT31-C)

Therefore: FIO34-C = Subset(CWE-197)
