SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 76

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 77

changes.mady.by.user Liz Whiting

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
(general)CodeSonar considers the possibility that fgets() and fgetws() may return empty strings; warnings of various classes may be triggered depending on subsequent operations on those strings. For example, the "Noncompliant Code Example" cited above would trigger a Buffer Underrun warning.
Compass/ROSE

 

 

Could detect some violations of this rule. In particular, it could detect the noncompliant code example by searching for fgets(), followed by strlen() - 1, which could be −1. The crux of this rule is that a string returned by fgets() could still be empty, because the first char is '\0'. There are probably other code examples that violate this guideline; they would need to be enumerated before ROSE could detect them

Fortify SCA

5.0

 

 

LDRA tool suite
Include Page
LDRA_V
LDRA_V
44 SEnhanced Enforcement

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...