SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 118

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 119

changes.mady.by.user Swasti Shrivastava

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
error-information-unused
error-information-unused-computed		Partially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-ERR33
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.FUNCS.IRV
LANG.ERRCODE.NOTEST
LANG.ERRCODE.NZ

Ignored return value
Missing Test of Error Code
Non-zero Error Code
Compass/ROSE

Can detect violations of this recommendation when checking for violations of EXP12-C. Do not ignore values returned by functions and EXP34-C. Do not dereference null pointers

Coverity
Include Page
Coverity_V
Coverity_V

MISRA C 2012 Rule 22.8

MISRA C 2012 Rule 22.9

MISRA C 2012 Rule 22.10

Implemented
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-err33-cPartially implemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C3200

C++3802, C++3803, C++3804

DF2820, DF2821, DF2822, DF2823, DF2824, DF2930, DF2931, DF2932, DF2933, DF2934


Klocwork
Include Page
Klocwork_V
Klocwork_V

NPD.CHECK.MUST
NPD.FUNC.MUST
SV.RVT.RETVAL_NOTTESTED


LDRA tool suite
Include Page
LDRA_V
LDRA_V

80 D

Partially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-ERR33-a
CERT_C-ERR33-b
CERT_C-ERR33-d

The value returned by a standard library function that may return an error should be used
The standard library functions for which return values need not be checked should be cast to 'void'
Always check the returned value of non-void function

Parasoft Insure++

Runtime analysis
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

534

Partially supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule ERR33-C


Checks for:

  • Errno not checked
  • Return value of a sensitive function not checked
  • Unprotected dynamic memory allocation

Rule partially covered.

RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

error-information-unusedPartially checked
TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

pointer arithmeticExhaustively verified.

Related Vulnerabilities

The vulnerability in Adobe Flash [VU#159523] arises because Flash neglects to check the return value from calloc(). Even when calloc() returns a null pointer, Flash writes to an offset from the return value. Dereferencing a null pointer usually results in a program crash, but dereferencing an offset from a null pointer allows an exploit to succeed without crashing the program.

...