SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 31

changes.mady.by.user Jill Britton

Saved on

compared with

New Version 32

changes.mady.by.user Nelson Tam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.CAST.COERCECoercion alters value
Compass/ROSE

 

 

 

Coverity
Include Page
Coverity_V
Coverity_V
6.5

CHAR_IO

Identifies defects when the return value of fgetc()getc(), or getchar() is incorrectly assigned to a char instead of an int. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary

ECLAIR1.2

CC2.FIO34

Partially implemented

Klocwork
Include Page
Klocwork_V
Klocwork_V
CWARN.CMPCHR.EOF 
LDRA tool suite
Include Page
LDRA_V
LDRA_V
662 S
Fully implemented
Parasoft C/C++test9.5MISRA2004-10_1_dPartially implemented
Splint3.1.1

 

 

 PRQA QA-C++ 4.23051, 3001, 3010, 3137, 3717  

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding StandardSTR00-C. Represent characters using an appropriate type
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CERT Oracle Secure Coding Standard for Java

FIO08-J. Use an int to capture the return value of methods that read a character or byte

ISO/IEC TS 17961:2013Using character values that are indistinguishable from EOF [chreof]

Bibliography

[Kettlewell 2002]Section 1.2, "<stdio.h> and Character Types"
[NIST 2006]SAMATE Reference Dataset Test Case ID 000-000-088
[Summit 2005]Question 12.2