SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 154

changes.mady.by.user Sandy Shrum

Saved on

compared with

New Version 155

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CERT C Secure Coding StandardARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
INT32-C. Ensure that operations on signed integers do not result in overflow
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MEM04-C. Beware of zero-length allocations
ISO/IEC TR 24772:2013Buffer Boundary Violation (Buffer Overflow) [HCB]
ISO/IEC TS 17961:2013Taking the size of a pointer to determine the size of the pointed-to type [sizeofptr]
MITRE CWE

CWE-131, Incorrect Calculation of Buffer Size
CWE-190, Integer Overflow or Wraparound
CWE-467, Use of sizeof() on a Pointer Type 

Bibliography

[Coverity 2007] 
[Drepper 2006]Section 2.1.1, "Respecting Memory Bounds"
[Seacord 2013]Chapter 4, "Dynamic Memory Management"
Chapter 5, "Integer Security"
[Viega 2005]Section 5.6.8, "Use of sizeof() on a Pointer Type"
[xorl 2009]CVE-2009-0587: Evolution Data Server Base64 Integer Overflows

...