...

This compliant solution replaces the hard-coded value 4 with sizeof(int *):

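#include <stdlib.h>  /* calloc() */

size_t i;
/* sizeof(*matrix) is the size of one int *, whatever the platform's pointer width */
int **matrix = (int **)calloc(100, sizeof(*matrix));
if (matrix == NULL) {
  /* handle error */
}

for (i = 0; i < 100; i++) {
  /* Row i holds i ints; for i == 0 this is a zero-length request, and
     whether calloc() returns NULL for it is implementation-defined */
  matrix[i] = (int *)calloc(i, sizeof(**matrix));
  if (matrix[i] == NULL) {
    /* handle error */
  }
}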
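
The same allocation pattern as a compilable unit, added here as an example (it is not code from the original page): it measures how far a hard-coded element size of 4 falls short of what the row pointers need on the build platform, and fills in the error paths the page leaves as comments. The names hardcoded_bytes, required_bytes, shortfall, alloc_triangle and free_triangle are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Bytes requested for n row pointers when the element size is hard-coded as 4. */
size_t hardcoded_bytes(size_t n) { return n * 4; }

/* Bytes n row pointers actually occupy on this platform. */
size_t required_bytes(size_t n) { return n * sizeof(int *); }

/* Bytes by which the hard-coded request falls short (0 where pointers are 4 bytes). */
size_t shortfall(size_t n) {
  size_t need = required_bytes(n), got = hardcoded_bytes(n);
  return need > got ? need - got : 0;
}

/* Release the first `rows` rows and the row-pointer array itself. */
void free_triangle(int **m, size_t rows) {
  if (m == NULL) return;
  for (size_t i = 0; i < rows; i++) free(m[i]);
  free(m);
}

/* Row i holds i ints, as in the page's loop. Returns NULL on failure
   with nothing leaked. */
int **alloc_triangle(size_t rows) {
  int **m = calloc(rows ? rows : 1, sizeof(*m)); /* size follows the type of m */
  if (m == NULL) return NULL;
  for (size_t i = 0; i < rows; i++) {
    /* Request at least one element so a NULL return always means failure;
       calloc(0, ...) may legitimately return NULL. */
    m[i] = calloc(i ? i : 1, sizeof(**m));
    if (m[i] == NULL) {
      free_triangle(m, i); /* rows 0..i-1 were allocated */
      return NULL;
    }
  }
  return m;
}

int main(void) {
  int **m = alloc_triangle(100);
  if (m == NULL) return EXIT_FAILURE;
  m[99][98] = 7; /* last valid element of the last row */
  printf("hard-coded 4 is %zu bytes short for 100 row pointers\n", shortfall(100));
  free_triangle(m, 100);
  return EXIT_SUCCESS;
}
```

Where pointers are 8 bytes, the reported shortfall is 400 bytes, so a loop over all 100 rows would write past the end of an array sized with the hard-coded 4.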

...

| Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE | | | Can detect violations of this recommendation. In particular, it looks for the size argument of malloc(), calloc(), or realloc() and flags when it does not find a sizeof operator in the argument expression. It does not flag if the return value is assigned to a char *; in this case a string is being allocated, and sizeof is unnecessary because sizeof(char) == 1. |
| ECLAIR | | funcalls | Can detect violations of this recommendation. In particular, it considers when the size of a type is used by malloc(), calloc() or realloc() and flags these functions if either the size argument does not use a sizeof operator, or the size argument uses sizeof, but the type of the returned value is not a pointer to the type of the argument to sizeof. It does not flag if the returned value is assigned to a char *. |
| LDRA tool suite | | 201 S | Partially implemented. |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

 

...