Checker | Guideline |
|---|
| Arithmetic operation with NULL pointer | EXP34-C. Do not dereference null pointers |
| Array access out of bounds | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| Array access out of bounds | ARR38-C. Guarantee that library functions do not form invalid pointers |
| Array access out of bounds | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
| Array access with tainted index | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| Array access with tainted index | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
| Bad file access mode or status | FIO11-C. Take care when specifying the mode parameter of fopen() |
| Buffer overflow from incorrect string format specifier | ARR38-C. Guarantee that library functions do not form invalid pointers |
| Buffer overflow from incorrect string format specifier | STR03-C. Do not inadvertently truncate a string |
| Closing a previously closed resource | FIO46-C. Do not access a closed file |
| Command executed from externally controlled path | ENV33-C. Do not call system() |
| Command executed from externally controlled path | STR02-C. Sanitize data passed to complex subsystems |
| Copy of overlapping memory | EXP43-C. Avoid undefined behavior when using restrict-qualified pointers |
| Data race | CON32-C. Prevent data races when accessing bit-fields from multiple threads |
| Data race | CON43-C. Do not allow data races in multithreaded code |
| Data race | POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed |
| Data race | CON09-C. Avoid the ABA problem when using lock-free algorithms |
| Dead code | MSC01-C. Strive for logical completeness |
| Dead code | MSC07-C. Detect and remove dead code |
| Dead code | MSC12-C. Detect and remove code that has no effect or is never executed |
| Deadlock | CON35-C. Avoid deadlock by locking in a predefined order |
| Deadlock | POS51-C. Avoid deadlock with POSIX threads by locking in predefined order |
| Deallocation of previously deallocated pointer | MEM30-C. Do not access freed memory |
| Deallocation of previously deallocated pointer | MEM00-C. Allocate and free memory in the same module, at the same level of abstraction |
| Declaration mismatch | DCL40-C. Do not create incompatible declarations of the same function or object |
| Declaration mismatch | EXP37-C. Call functions with the correct number and type of arguments |
| Destination buffer overflow in string manipulation | ARR38-C. Guarantee that library functions do not form invalid pointers |
| Destination buffer overflow in string manipulation | STR38-C. Do not confuse narrow and wide character strings and functions |
| Destination buffer overflow in string manipulation | ENV01-C. Do not make assumptions about the size of an environment variable |
| Destination buffer overflow in string manipulation | STR07-C. Use the bounds-checking interfaces for string manipulation |
| Destination buffer underflow in string manipulation | ARR38-C. Guarantee that library functions do not form invalid pointers |
| Deterministic random output from constant seed | MSC32-C. Properly seed pseudorandom number generators |
| Execution of externally controlled command | ENV33-C. Do not call system() |
| Execution of externally controlled command | STR02-C. Sanitize data passed to complex subsystems |
| File access between time of check and use (TOCTOU) | FIO45-C. Avoid TOCTOU race conditions while accessing files |
| File access between time of check and use (TOCTOU) | POS35-C. Avoid race conditions while checking for the existence of a symbolic link |
| File access between time of check and use (TOCTOU) | FIO01-C. Be careful using functions that use file names for identification |
| File manipulation after chroot() without chdir("/") | POS05-C. Limit access to files by creating a jail |
| Float conversion overflow | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| Float conversion overflow | FLP03-C. Detect and handle floating-point errors |
| Float division by zero | FLP03-C. Detect and handle floating-point errors |
| Float overflow | FLP03-C. Detect and handle floating-point errors |
| Float overflow | FLP06-C. Convert integers to floating point for floating-point operations |
| Format string specifiers and arguments mismatch | EXP37-C. Call functions with the correct number and type of arguments |
| Format string specifiers and arguments mismatch | DCL11-C. Understand the type issues associated with variadic functions |
| Guarantee that storage for strings has sufficient space for character data and null terminator | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| Hard coded buffer size | DCL06-C. Use meaningful symbolic constants to represent literal values |
| Hard coded loop boundary | DCL06-C. Use meaningful symbolic constants to represent literal values |
| Improper array initialization | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
| Incorrect pointer scaling | EXP08-C. Ensure pointer arithmetic is used correctly |
| Integer conversion overflow | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| Integer conversion overflow | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| Integer conversion overflow | INT02-C. Understand integer conversion rules |
| Integer conversion overflow | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| Integer division by zero | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| Integer overflow | INT32-C. Ensure that operations on signed integers do not result in overflow |
| Integer overflow | INT00-C. Understand the data model used by your implementation(s) |
| Integer overflow | INT02-C. Understand integer conversion rules |
| Integer overflow | INT08-C. Verify that all integer values are in range |
| Integer overflow | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| Invalid assumptions about memory organization | ARR37-C. Do not add or subtract an integer to a pointer to a non-array object |
| Invalid free of pointer | MEM34-C. Only free memory allocated dynamically |
| Invalid free of pointer | MEM00-C. Allocate and free memory in the same module, at the same level of abstraction |
| Invalid use of = operator | EXP45-C. Do not perform assignments in selection statements |
| Invalid use of standard library floating point routine | FLP32-C. Prevent or detect domain and range errors in math functions |
| Invalid use of standard library floating point routine | FLP03-C. Detect and handle floating-point errors |
| Invalid use of standard library memory routine | ARR38-C. Guarantee that library functions do not form invalid pointers |
| Invalid use of standard library memory routine | API00-C. Functions should validate their parameters |
| Invalid use of standard library routine | API00-C. Functions should validate their parameters |
| Invalid use of standard library string routine | ARR38-C. Guarantee that library functions do not form invalid pointers |
| Invalid use of standard library string routine | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
| Invalid use of standard library string routine | API00-C. Functions should validate their parameters |
| Invalid va_list argument | MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value |
| Library loaded from externally controlled path | STR02-C. Sanitize data passed to complex subsystems |
| Library loaded from externally controlled path | WIN00-C. Be specific when dynamically loading libraries |
| Load of library from a relative path can be controlled by an external actor | WIN00-C. Be specific when dynamically loading libraries |
| Loop bounded with tainted value | INT04-C. Enforce limits on integer values originating from tainted sources |
| Loop bounded with tainted value | MSC21-C. Use robust loop termination conditions |
| Memory allocation with tainted size | MEM35-C. Allocate sufficient memory for an object |
| Memory allocation with tainted size | INT04-C. Enforce limits on integer values originating from tainted sources |
| Memory allocation with tainted size | MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap |
| Memory allocation with tainted size | MEM10-C. Define and use a pointer validation function |
| Memory allocation with tainted size | MEM11-C. Do not assume infinite heap space |
| Memory leak | MEM31-C. Free dynamically allocated memory when no longer needed |
| Memory leak | MEM11-C. Do not assume infinite heap space |
| Memory leak | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources |
| Mismatch between data length and size | ARR38-C. Guarantee that library functions do not form invalid pointers |
| MISRA2012-DIR-1_1 | FLP30-C. Do not use floating-point variables as loop counters |
| MISRA2012-RULE-8_1 | DCL31-C. Declare identifiers before using them |
| MISRA2012-RULE-8_2 | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
| MISRA2012-RULE-8_4 | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
| MISRA2012-RULE-8_8 | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
| MISRA2012-RULE-13_2 | PRE31-C. Avoid side effects in arguments to unsafe macros |
| MISRA2012-RULE-13_2 | EXP30-C. Do not depend on the order of evaluation for side effects |
| MISRA2012-RULE-14_1 | FLP30-C. Do not use floating-point variables as loop counters |
| MISRA2012-RULE-16_1 | DCL41-C. Do not declare variables inside a switch statement before the first case label | MISRA2012-RULE-17_3 | DCL31-C. Declare identifiers before using them |
| MISRA2012-RULE-17_3 | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
| MISRA2012-RULE-21_1 | DCL37-C. Do not declare or define a reserved identifier |
| MISRA2012-RULE-21_2 | DCL37-C. Do not declare or define a reserved identifier |
| Missing case for switch condition | MSC01-C. Strive for logical completeness |
| Missing case for switch condition | MSC07-C. Detect and remove dead code |
| Missing lock | CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction |
| Missing null in string array | STR11-C. Do not specify the bound of a character array initialized with a string literal |
| Missing return statement | MSC37-C. Ensure that control never reaches the end of a non-void function |
| Missing unlock | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources |
| Modification of internal buffer returned from nonreentrant standard function | ENV30-C. Do not modify the object referenced by the return value of certain functions |
| Modification of internal buffer returned from nonreentrant standard function | STR06-C. Do not assume that strtok() leaves the parse string unchanged |
| Non-initialized pointer | EXP33-C. Do not read uninitialized memory |
| Non-initialized variable | EXP33-C. Do not read uninitialized memory |
| Non-initialized variable | MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value |
| Null pointer | EXP34-C. Do not dereference null pointers |
| Pointer access out of bounds | EXP39-C. Do not access a variable through a pointer of an incompatible type |
| Pointer access out of bounds | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| Pointer access out of bounds | ARR38-C. Guarantee that library functions do not form invalid pointers |
| Pointer access out of bounds | MEM35-C. Allocate sufficient memory for an object |
| Pointer access out of bounds | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
| Pointer access out of bounds | EXP08-C. Ensure pointer arithmetic is used correctly |
| Pointer dereference with tainted offset | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| Pointer or reference to stack variable leaving scope | DCL30-C. Declare objects with appropriate storage durations |
| Possible misuse of sizeof | ARR38-C. Guarantee that library functions do not form invalid pointers |
| Possible misuse of sizeof | ARR00-C. Understand how arrays work |
| Possible misuse of sizeof | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array |
| Possibly unintended evaluation of expression because of operator precedence rules | EXP00-C. Use parentheses for precedence of operation |
| Possibly unintended evaluation of expression because of operator precedence rules | EXP13-C. Treat relational and equality operators as if they were nonassociative |
| Predictable random output from predictable seed | MSC32-C. Properly seed pseudorandom number generators |
| Qualifier removed in conversion | EXP32-C. Do not access a volatile object through a nonvolatile reference |
| Qualifier removed in conversion | EXP37-C. Call functions with the correct number and type of arguments |
| Qualifier removed in conversion | EXP05-C. Do not cast away a const qualification |
| Resource leak | FIO42-C. Close files when they are no longer needed |
| Resource leak | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources |
| Sensitive data printed out | MEM06-C. Ensure that sensitive data is not written out to disk |
| Sensitive heap memory not cleared before release | MEM03-C. Clear sensitive information stored in reusable resources |
| Sensitive heap memory not cleared before release | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
| Shift of a negative value | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| Shift operation overflow | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| Sign change integer conversion overflow | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| Standard function call with incorrect arguments | EXP37-C. Call functions with the correct number and type of arguments |
| Standard function call with incorrect arguments | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
| Standard function call with incorrect arguments | FIO46-C. Do not access a closed file |
| Standard function call with incorrect arguments | API00-C. Functions should validate their parameters |
| Tainted Data Defects | API00-C. Functions should validate their parameters |
| Tainted division operand | INT32-C. Ensure that operations on signed integers do not result in overflow |
| Tainted division operand | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| Tainted modulo operand | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| Tainted modulo operand | INT10-C. Do not assume a positive remainder when using the % operator |
| Tainted NULL or non-null-terminated string | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
| Tainted NULL or non-null-terminated string | ENV01-C. Do not make assumptions about the size of an environment variable |
| Tainted sign change conversion | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| Tainted sign change conversion | INT02-C. Understand integer conversion rules |
| Tainted sign change conversion | MEM04-C. Beware of zero-length allocations |
| Tainted sign change conversion | MEM11-C. Do not assume infinite heap space |
| Tainted sign change conversion | MSC21-C. Use robust loop termination conditions |
| Tainted size of variable length array | ARR32-C. Ensure size arguments for variable length arrays are in a valid range |
| Tainted size of variable length array | INT04-C. Enforce limits on integer values originating from tainted sources |
| Tainted size of variable length array | MEM04-C. Beware of zero-length allocations |
| Tainted size of variable length array | MEM05-C. Avoid large stack allocations |
| Tainted string format | FIO30-C. Exclude user input from format strings |
| Umask used with chmod-style arguments | FIO06-C. Create files with appropriate access permissions |
| Uncleared sensitive data in stack | MEM03-C. Clear sensitive information stored in reusable resources |
| Uncleared sensitive data in stack | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
| Unprotected dynamic memory allocation | MEM10-C. Define and use a pointer validation function |
| Unprotected dynamic memory allocation | MEM11-C. Do not assume infinite heap space |
| Unreachable code | MSC01-C. Strive for logical completeness |
| Unreachable code | MSC07-C. Detect and remove dead code |
| Unreachable code | MSC12-C. Detect and remove code that has no effect or is never executed |
| Unreliable cast of function pointer | EXP37-C. Call functions with the correct number and type of arguments |
| Unreliable cast of pointer | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| Unsafe standard encryption function | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
| Unsigned integer conversion overflow | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| Unsigned integer conversion overflow | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| Unsigned integer conversion overflow | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| Unsigned integer overflow | INT30-C. Ensure that unsigned integer operations do not wrap |
| Unsigned integer overflow | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| Unused parameter | MSC13-C. Detect and remove unused values |
| Use of dangerous standard function | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
| Use of dangerous standard function | ENV01-C. Do not make assumptions about the size of an environment variable |
| Use of dangerous standard function | STR07-C. Use the bounds-checking interfaces for string manipulation |
| Use of memset with size argument zero | MSC12-C. Detect and remove code that has no effect or is never executed |
| Use of non-secure temporary file | FIO03-C. Do not make assumptions about fopen() and file creation |
| Use of non-secure temporary file | FIO21-C. Do not create temporary files in shared directories |
| Use of obsolete standard function | MSC33-C. Do not pass invalid data to the asctime() function |
| Use of obsolete standard function | POS33-C. Do not use vfork() |
| Use of obsolete standard function | MSC24-C. Do not use deprecated or obsolescent functions |
| Use of previously closed resource | FIO46-C. Do not access a closed file |
| Use of previously freed pointer | MEM30-C. Do not access freed memory |
| Use of previously freed pointer | MEM00-C. Allocate and free memory in the same module, at the same level of abstraction |
| Use of setjmp/longjmp | MSC22-C. Use the setjmp(), longjmp() facility securely |
| Use of tainted pointer | EXP34-C. Do not dereference null pointers |
| Use of tainted pointer | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| Use of tainted pointer | ARR38-C. Guarantee that library functions do not form invalid pointers |
| Use of tainted pointer | API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size |
| Use of tainted pointer | MEM10-C. Define and use a pointer validation function |
| Variable length array with nonpositive size | MEM04-C. Beware of zero-length allocations |
| Variable length array with nonpositive size | MEM05-C. Avoid large stack allocations |
| Variable shadowing | DCL01-C. Do not reuse variable names in subscopes |
| Vulnerable path manipulation | FIO02-C. Canonicalize path names originating from tainted sources |
| Vulnerable permission assignments | FIO06-C. Create files with appropriate access permissions |
| Vulnerable pseudo-random number generator | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
| Write without a further read | MSC13-C. Detect and remove unused values |
| Write without a further reads | DCL22-C. Use volatile for data that cannot be cached |
| Writing to const qualified object | EXP40-C. Do not modify constant objects |
| Writing to const qualified object | STR30-C. Do not attempt to modify string literals |
| Writing to const qualified object | STR05-C. Use pointers to const when referring to string literals |
| Writing to const qualified object | STR06-C. Do not assume that strtok() leaves the parse string unchanged |
| Wrong allocated object size for cast | STR38-C. Do not confuse narrow and wide character strings and functions |
| Wrong allocated object size for cast | MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
| Wrong type used in sizeof | MEM35-C. Allocate sufficient memory for an object |
| Wrong type used in sizeof | MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
