...
Also, consider using the sprintf_s() function, defined in ISO/IEC TR 24731-1, instead of snprintf() to provide some additional checks. (See STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code.)
Exceptions
INT13-EX1: When used as bit flags, it is acceptable to use preprocessor macros as arguments to the & and | operators even if the value is not explicitly declared as unsigned.
...
Tool | Version | Checker | Description | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Can detect violations of this rule. In particular, it flags bitwise operations that involved variables not declared with | |||||||||||
| CC2.INT13 | Fully implemented | |||||||||||
5.0 |
| Can detect violations of this recommendation with the CERT C Rule Pack | |||||||||||
| 50 S | Fully implemented | |||||||||||
| PRQA QA-C |
| 0502 |
| 4532, 4533, 4534, 4543, 4544 | Fully implemented | ||||||||
|
|
|
...
Related Guidelines
| CERT C++ Secure Coding Standard | INT13-CPP. Use bitwise operators only on unsigned operands |
| ISO/IEC TR 24772:2013 | Bit Representations [STR] Arithmetic Wrap-around Error [FIF] Sign Extension Error [XZI] |
| MITRE CWE | CWE-682, Incorrect calculation |
...