SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 111

changes.mady.by.user Jill Britton

Saved on

compared with

New Version 112

changes.mady.by.user Swasti Shrivastava

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
function-argument-with-paddingPartially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-DCL39Detects composite structures with padding, in particular those passed to trust boundary routines.
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

MISC.PADDING.POTB

Padding Passed Across a Trust Boundary

Cppcheck Premium
24.9.0

premium-cert-dcl39-c

Fully implemented

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4941, DF4942, DF4943

Fully implemented
Klocwork
Include Page
Klocwork_V
Klocwork_V
PORTING.STORAGE.STRUCT

Fully implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-DCL39-a

A pointer to a structure should not be passed to a function that can copy data to the user space

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule DCL39-CChecks for information leak via structure padding 
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
function-argument-with-paddingPartially checked

Related Vulnerabilities

Numerous vulnerabilities in the Linux Kernel have resulted from violations of this rule. CVE-2010-4083 describes a vulnerability in which the semctl() system call allows unprivileged users to read uninitialized kernel stack memory because various fields of a semid_ds struct declared on the stack are not altered or zeroed before being copied back to the user.

...