...
In this noncompliant example, the cast of *s to unsigned int may result in a value in excess of UCHAR_MAX because of integer promotions, consequently causing the function to violate ARR30-C. Do not form or use out-of-bounds pointers or array subscripts:
```c
#include <limits.h>
#include <stddef.h>

/* One entry for each unsigned char value, 0 through UCHAR_MAX. */
static const char table[UCHAR_MAX + 1] = { 'a' /* ... */ };

ptrdiff_t first_not_in_table(const char *c_str) {
  for (const char *s = c_str; *s; ++s) {
    /* Noncompliant: a negative *s is sign-extended before the conversion. */
    if (table[(unsigned)*s] != *s) {
      return s - c_str;
    }
  }
  return -1;
}
```
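The following added example (not part of the CERT text) compares the subscript produced by the cast in the noncompliant code with the one produced by converting to `unsigned char` first, and uses the latter in a hardened lookup. The names `promoted_index`, `safe_index` and `first_not_in_table_checked` are hypothetical, the table contents are constructed, and `signed char` is used so the result does not depend on whether plain `char` is signed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample table: one slot per unsigned char value. */
static const char table[UCHAR_MAX + 1] = {
    ['a'] = 'a', ['b'] = 'b', [0xE9] = (char)0xE9
};

/* Subscript the (unsigned) cast yields; computed only, never used to index. */
unsigned promoted_index(signed char c) {
    return (unsigned)c;          /* sign-extends: -23 -> UINT_MAX - 22 */
}

/* Subscript after converting to unsigned char first: always 0..UCHAR_MAX. */
unsigned safe_index(signed char c) {
    return (unsigned char)c;     /* -23 -> 233 when CHAR_BIT is 8 */
}

/* Hypothetical hardened variant of the lookup loop. */
ptrdiff_t first_not_in_table_checked(const char *c_str) {
    for (const char *s = c_str; *s; ++s) {
        if (table[(unsigned char)*s] != *s) {
            return s - c_str;
        }
    }
    return -1;
}

int main(void) {
    signed char c = -23;         /* byte 0xE9 as a signed char */
    printf("(unsigned)c      = %u (in bounds: %d)\n",
           promoted_index(c), promoted_index(c) <= UCHAR_MAX);
    printf("(unsigned char)c = %u (in bounds: %d)\n",
           safe_index(c), safe_index(c) <= UCHAR_MAX);
    printf("first miss in \"ab\\xE9z\": %td\n",
           first_not_in_table_checked("ab\xE9z"));
    return 0;
}
```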
...
| CERT C Secure Coding Standard | STR37-C. Arguments to character-handling functions must be representable as an unsigned char; STR04-C. Use plain char for characters in the basic character set; ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| CERT C++ Secure Coding Standard | STR34-CPP. Cast characters to unsigned types before converting to larger integer sizes |
| ISO/IEC TS 17961 | Conversion of signed characters to wider integer types before a check for EOF [signconv] |
| MISRA-C | Rule 10.1 through Rule 10.4 (required) |
| MITRE CWE | CWE-704, Incorrect type conversion or cast |
...
...