Page History

Wiki MarkupIn C89 (and historical K&R [implementations|BB. Definitions#implementation]), the meaning of the remainder operator for negative operands was [implementation defined|BB. Definitions#implementation defined behavior]. This was changed in the C99 standard \ [[ISO/IEC 9899-1999|AA. Bibliography#ISO/IEC 9899-1999]\].

Because not all C compilers are strictly C99 conforming, you cannot rely on the behavior of the % operator if you need to run on a wide range of platforms with many different compilers.

...

Tool

Version

Checker

Description

Section
LDRA tool suite

Include Page

	c:LDRA_Vc:
	LDRA_V

Section
584 S

Section
Fully Implemented

Section
Fortify SCA

Section
V. 5.0

Section
can detect violations of this recommendation with the CERT C Rule Pack

Section
Compass/ROSE

Section
could detect the specific NCCE. It could identify when the result of a % operation might be negative, and flag usage of that result in an array index. It could, conceivably flag usage of any such result without first checking that the result is positive, but this will most likely introduce many false positives

...

MITRE CWE: CWE-129, "Unchecked Array Indexing"

Bibliography

Wiki Markup\[[Beebe 2005|AA. Bibliography#Beebe 05]\] \[[Microsoft 2007|AA. Bibliography#Microsoft 07]\] [C Multiplicative Operators|http://msdn2.microsoft.com/en-us/library/efa0csed(VS.80).aspx] \[[Sun 2005|AA. Bibliography#Sun 05]\] [Appendix E, ]
[Microsoft 2007] C Multiplicative Operators
[Sun 2005] Appendix E, "Implementation-Defined ISO/IEC C90 Behavior"|http://docs.sun.com/source/819-3688/c90.implementation.app.html]

...

04. Integers (INT) INT11-C. Take care when converting from pointer to integer or integer to pointer

Space shortcuts

Page tree

Versions Compared

Old Version 57

New Version 58

Key

Bibliography