C checkers | Guideline |
|---|
ABR | void ARR33-C. Guarantee that copies are made into storage of sufficient size |
ABR | ARR38-C. Guarantee that library functions do not form invalid pointers |
ABV.ITERATOR | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
ASSIGCOND.BOOL | void MSC02-C. Avoid errors of omission |
ASSIGCOND.CALL | EXP45-C. Do not perform assignments in selection statements |
ASSIGCOND.CALL | void MSC02-C. Avoid errors of omission |
ASSIGCOND.GEN | EXP45-C. Do not perform assignments in selection statements |
ASSIGCOND.GEN | void MSC02-C. Avoid errors of omission |
EFFECT | EXP16-C. Do not compare function pointers to constant values |
EFFECT | void MSC02-C. Avoid errors of omission |
EFFECT | MSC12-C. Detect and remove code that has no effect |
FNH.MIGHT | MEM34-C. Only free memory allocated dynamically |
FNH.MUST | MEM34-C. Only free memory allocated dynamically |
FUM.GEN.MIGHT | MEM34-C. Only free memory allocated dynamically |
FUM.GEN.MUST | MEM34-C. Only free memory allocated dynamically |
IF_DEF_IN_HEADER_DECL | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
IF_DUPL_HEADER | PRE08-C. Guarantee that header file names are unique |
IF_MISS_DECL | DCL31-C. Declare identifiers before using them |
IF_MULTI_DECL | DCL01-C. Do not reuse variable names in subscopes |
IF_MULTI_DECL | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
IF_MULTI_DEF | DCL01-C. Do not reuse variable names in subscopes |
IF_MULTI_KIND | DCL01-C. Do not reuse variable names in subscopes |
INCORRECT.ALLOC_SIZE | VOID EXP01-C. Do not take the size of a pointer to determine the size of the pointed-to type |
INCORRECT.ALLOC_SIZE | MEM35-C. Allocate sufficient memory for an object |
LA_UNUSED | MSC01-C. Strive for logical completeness |
LOCRET.* | DCL30-C. Declare objects with appropriate storage durations |
LV_UNUSED.GEN | MSC07-C. Detect and remove dead code |
MLK | MEM31-C. Free dynamically allocated memory when no longer needed |
| MSC13-C. Detect and remove unused values |
NNTS | STR03-C. Do not inadvertently truncate a string |
NNTS | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
NNTS.TAINTED | STR02-C. Sanitize data passed to complex subsystems |
NNTS.TAINTED | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
NNTS.TAINTED | VOID STR35-C. Do not copy data from an unbounded source to a fixed-length array |
NPD.* RNPD. | EXP34-C. Do not dereference null pointers |
PRECISION.LOSS | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
RETVOID.IMPLICIT | DCL31-C. Declare identifiers before using them |
RH.LEAK | FIO22-C. Close files before spawning processes |
RH.LEAK | FIO42-C. Close files when they are no longer needed |
RH.LEAK | FIO46-C. Do not access a closed file |
SEMICOL | EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement |
| STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
SV.CODE_INJECTION.SHELL_EXEC | ENV33-C. Do not call system() |
SV.CUDS.MISSING_ABSOLUTE_PATH | FIO02-C. Canonicalize path names originating from tainted sources |
SV.FIU.PERMISSIONS | POS36-C. Observe correct revocation order while relinquishing privileges |
SV.FIU.PERMISSIONS | POS37-C. Ensure that privilege relinquishment is successful |
SV.FMT_STR.BAD_SCAN_FORMAT | void STR33-C. Size wide character strings correctly |
SV.FMT_STR | FIO47-C. Use valid format strings |
SV.FMTSTR.GENERIC | FIO30-C. Exclude user input from format strings |
SV.RVT.RETVAL_NOTTESTED | EXP12-C. Do not ignore values returned by functions |
SV.STRBO.GETS | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
SV.STRBO.GETS | VOID STR35-C. Do not copy data from an unbounded source to a fixed-length array |
SV.TAINTED.FMTSTR | FIO30-C. Exclude user input from format strings |
SV.TAINTED.INJECTION | ENV33-C. Do not call system() |
SV.TAINTED.INJECTION | STR02-C. Sanitize data passed to complex subsystems |
SV.TAINTED.LOOP_BOUND | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
SV.TOCTOU.FILE_ACCESS | FIO01-C. Be careful using functions that use file names for identification |
SV.USAGERULES.PERMISSIONS | POS36-C. Observe correct revocation order while relinquishing privileges |
SV.USAGERULES.PERMISSIONS | POS37-C. Ensure that privilege relinquishment is successful |
SV.USAGERULES.PROCESS_VARIANTS | POS33-C. Do not use vfork() |
SV.USAGERULES.UNBOUNDED_STRING_COPY | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
SV.USAGERULES.UNBOUNDED_STRING_COPY | VOID STR35-C. Do not copy data from an unbounded source to a fixed-length array |
SV.USAGERULES.UNINTENDED_COPY | MEM03-C. Clear sensitive information stored in reusable resources |
UFM.DEREF.MIGHT | MEM30-C. Do not access freed memory |
UFM.DEREF.MUST | MEM30-C. Do not access freed memory |
UFM.FFM | MEM31-C. Free dynamically allocated memory when no longer needed |
UFM.RETURN.MIGHT | MEM30-C. Do not access freed memory |
UFM.RETURN.MUST | MEM30-C. Do not access freed memory |
UFM.USE.MIGHT | MEM30-C. Do not access freed memory |
UFM.USE.MUST | MEM30-C. Do not access freed memory |
UNINIT.HEAP.MIGHT | EXP33-C. Do not read uninitialized memory |
UNINIT.HEAP.MUST | EXP33-C. Do not read uninitialized memory |
UNINIT.STACK.ARRAY.MIGHT | EXP33-C. Do not read uninitialized memory |
UNINIT.STACK.ARRAY.MUST | EXP33-C. Do not read uninitialized memory |
UNINIT.STACK.ARRAY.PARTIAL.MUST | EXP33-C. Do not read uninitialized memory |
UNINIT.STACK.MUST | EXP33-C. Do not read uninitialized memory |
UNREACH.* | MSC07-C. Detect and remove dead code |
VA_UNUSED.* | MSC07-C. Detect and remove dead code |
