SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 77

changes.mady.by.user Roberto Bagnara

Saved on

compared with

New Version 78

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFcccc
langc
int rc = 0;
int stringify = 0x80000000;
char buf[sizeof("256")];
rc = snprintf(buf, sizeof(buf), "%u", stringify >> 24);
if (rc == -1 || rc >= sizeof(buf)) {
  /* handleHandle error */
}

In this example, stringify >> 24 evaluates to 0xFFFFFF80, or 4,294,967,168. When converted to a string, the resulting value "4294967168" is too large to store in buf and is truncated by snprintf().

...

Code Block
bgColorccccff
langc
int rc = 0;
unsigned int stringify = 0x80000000;
char buf[sizeof("256")];
rc = snprintf(buf, sizeof(buf), "%u", stringify >> 24);
if (rc == -1 || rc >= sizeof(buf)) {
  /* handleHandle error */
}

Also, consider using the sprintf_s() function, defined in ISO/IEC TR 24731-1, instead of snprintf() to provide some additional checks. (See STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code.)

...

Tool

Version

Checker

Description

Compass/ROSE

 

 

Can detect violations of this rule. In particular, it flags bitwise operations that involved variables not declared with unsigned type

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.INT13

Fully implemented

Fortify SCA

5.0

 

Can detect violations of this recommendation with the CERT C Rule Pack

LDRA tool suite

Include Page
LDRA_V
LDRA_V

50 S
120 S
331 S

Fully implemented

PRQA QA-C
Include Page
PRQA_V
PRQA_V

0502
4130
4131

Fully implemented

Splint

Include Page
Splint_V
Splint_V

 

 

...

[Dowd 2006]Chapter 6, "C Language Issues"
[ISO/IEC C99 Rationale 2003]Section Subclause 6.5.7, "Bitwise Shift Operators"

...