...
| Code Block | ||||
|---|---|---|---|---|
| ||||
int insert(size_t* result, size_t index, int *list, size_t size, int value) {
if (size != 0 && size != SIZE_MAX) {
index = (index + 1) % size;
list[index] = value;
*result = index;
return 1;
}
else {
return 0;
}
}
|
Risk Assessment
Incorrectly assuming that the result of the remainder operator for signed operands will always be positive can lead to an out-of-bounds memory accessor other flawed logic.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
INT10-C | LowHigh | Unlikely | High | P1P3 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
|
| Could detect the specific noncompliant code example. It could identify when the result of a % operation might be negative and flag usage of that result in an array index. It could conceivably flag usage of any such result without first checking that the result is positive, but it would likely introduce many false positives | |||||||
5.0 |
| Can detect violations of this recommendation with the CERT C Rule Pack | |||||||
| 584 S | Fully implemented | |||||||
| Parasoft C/C++test | 9.5 | BD-PB-ARRAY | Partially implemented | ||||||
| PRQA QA-C |
| 3103 | Fully implemented |
...