SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 61

changes.mady.by.user Roberto Bagnara

Saved on

compared with

New Version 62

changes.mady.by.user Aaron Ballman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff
langc
static int yy_string_get() {
  register char *c_str;
  register int c;

  c_str = bash_input.location.string;
  c = EOF;

  /* If the string doesn't exist, or is empty, EOF found. */
  if (c_str && *c_str) {
    /* Cast to unsigned type. */
    c = (unsigned char)*c_str++;

    bash_input.location.string = c_str;
  }
  return (c);
}

...

In this noncompliant example, the cast of *s to unsigned int may result in a value in excess of UCHAR_MAX because of integer promotions, consequently causing the function to violate VOID Guarantee that array indices are within the valid range ARR30-C. Do not form or use out of bounds pointers or array subscripts, leading to undefined behavior:

Code Block
bgColor#ffcccc
langc
#include <limits.h>
#include <stddef.h>
 
static const char table[UCHAR_MAX] = { 'a' /* ... */* };

intptrdiff_t first_not_in_table(const char *c_str) {
  for (const char *s = c_str;
  for (; *s; ++s) {
    if (table[(unsigned)*s] != *s) {
      return s - c_str;
    }
  }
  return -1;
}

Compliant Solution

...

Code Block
bgColor#ccccff
langc
#include <limits.h>
#include <stddef.h>
 
static const char table[UCHAR_MAX] = { 'a' /* ... */* };

ptrdiff_t first_not_in_table(const char *c_str) {
  for (const char *s = c_str;
  for (; *s; ++s) {
    if (table[(unsigned char)*s] != *s) {
      return s - c_str;
    }
  }
  return -1;
}

Risk Assessment

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding StandardSTR37-C. Arguments to character handling functions must be representable as an unsigned char
STR04-C. Use plain char for characters in the basic character set
ARR30-C. Do not form or use out of bounds pointers or array subscripts
CERT C++ Secure Coding StandardSTR34-CPP. Cast characters to unsigned types before converting to larger integer sizes
ISO/IEC TS 17961 (Draft)Conversion of signed characters to wider integer types before a check for EOF [signconv]
MISRA-CRule 10.1 through Rule 10.4 (required)
MITRE CWECWE-704, Incorrect type conversion or cast

...