SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 11

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 12

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Automated Detection

Tool

Version

Checker

Description

Compass/ROSE

 

 

 

Coverity

6.5

CHAR_IO

Identifies defects when the return value of fgetc()getc(), or getchar() is incorrectly assigned to a charinstead of an int. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary

ECLAIR

1.2

CC2.FIO34

Partially implemented

Fortify SCA

5.0

 

Can detect violations of this rule with CERT C Rule Pack

Splint

3.1.1

 

 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding StandardSTR00-C. Represent characters using an appropriate type
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
CERT C++ Secure Coding StandardFIO34-CPP. Use int to capture the return value of character IO functions
FIO35-CPP. Use feof() and ferror() to detect end-of-file and file errors when sizeof(int) == sizeof(char) 
CERT Oracle Secure Coding Standard for Java

FIO08-J. Use an int to capture the return value of methods that read a character or byte

ISO/IEC TS 17961Using character values that are indistinguishable from EOF [chreof]

Bibliography

[Kettlewell 2002]Section 1.2, "<stdio.h> and Character Types"
[NIST 2006]SAMATE Reference Dataset Test Case ID 000-000-088
[Summit 2005]Question 12.2

 

Image Modified