...

In this compliant solution, length is subtracted from SIZE_MAX, ensuring that wrapping cannot occur. See guideline INT30-C. Ensure that unsigned integer operations do not wrap.

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| INT35-C | high | likely | medium | P18 | L1 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Fortify SCA ... | V. 5.0 ... | | can detect violations of this rule ... with CERT C Rule Pack |
| Compass/ROSE | | | can detect violations of this rule. It should look for patterns of (a op1 b) op2 c where: c has a bigger type than a or b; neither a nor b is typecast to c's type; op2 is assignment or comparison |
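The (a op1 b) op2 c pattern described above, beside its corrected form and the SIZE_MAX subtraction check from the compliant solution, as an added example that is not code from the original page. The function names and HDR_SIZE are hypothetical, and a platform with 32-bit int is assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed header size for the example (hypothetical, not from the page). */
#define HDR_SIZE ((size_t)16)

/* Flagged shape (a op1 b) op2 c: a * b is evaluated in 32 bits and wraps
 * modulo 2^32; only the already-wrapped result is widened for the assignment. */
uint64_t product_narrow(uint32_t a, uint32_t b)
{
    uint64_t c = a * b;
    return c;
}

/* Corrected: one operand is converted to c's type first, so the multiply
 * itself is carried out in 64 bits. */
uint64_t product_wide(uint32_t a, uint32_t b)
{
    uint64_t c = (uint64_t)a * b;
    return c;
}

/* Wrap-free bound check: SIZE_MAX - length cannot wrap because
 * length <= SIZE_MAX, so the comparison needs no wider type.
 * Writes length + HDR_SIZE to *total and returns true only when it fits. */
bool padded_size(size_t length, size_t *total)
{
    if (SIZE_MAX - length < HDR_SIZE)
        return false;
    *total = length + HDR_SIZE;
    return true;
}

int main(void)
{
    size_t total = 0;
    printf("narrow: %llu\n", (unsigned long long)product_narrow(65536u, 65536u));
    printf("wide:   %llu\n", (unsigned long long)product_wide(65536u, 65536u));
    printf("fits:   %d\n", padded_size(SIZE_MAX - 8, &total));
    return 0;
}
```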

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as INT35-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size.


...