...
| Tool | Version | Checker | Description |
|---|---|---|---|
| | | 434 S | Fully implemented. |
| Fortify SCA | V. 5.0 | | Can detect violations of this rule with CERT C Rule Pack. |
| Compass/ROSE | | | Can detect violations of this rule when checking for violations of INT07-C. Use only explicitly signed or unsigned char type for numeric values. |
| GCC | 2.95 and later | | Detects objects of type |
| | | charcast | Fully implemented. |
| PRQA QA·C | | | Fully implemented |

Related Vulnerabilities
CVE-2009-0887 results from a violation of this rule. In Linux PAM (up to version 1.0.3), the libpam implementation of strtok casts a (potentially signed) character to an integer, for use as an index to an array. An attacker can exploit this by inputting a string with non-ASCII characters, causing the cast to result in a negative index and accessing memory outside of the array [xorl 2009].
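
The index computation described above, shown beside the compliant form, as an added example that is not libpam's code or code from the original page. The function names and the sample string are hypothetical and constructed for illustration; the flawed conversion is modelled with `signed char` so the result does not depend on the platform's `char` signedness.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Flawed pattern: a char that is signed is converted straight to int.
 * Modelled with signed char so the result is the same on every platform. */
int index_flawed(signed char c) {
    return (int)c;                      /* bytes 0x80..0xFF become negative */
}

/* Compliant pattern: cast to unsigned char first, so the index is 0..UCHAR_MAX. */
int index_compliant(char c) {
    return (int)(unsigned char)c;
}

/* Hypothetical tokenizer helper: counts tokens in s separated by any byte in
 * delims, using a lookup table indexed only through unsigned char. */
size_t count_tokens(const char *s, const char *delims) {
    unsigned char is_delim[UCHAR_MAX + 1] = {0};
    size_t n = 0;
    int in_token = 0;

    for (; *delims != '\0'; delims++)
        is_delim[(unsigned char)*delims] = 1;
    for (; *s != '\0'; s++) {
        if (is_delim[(unsigned char)*s]) {
            in_token = 0;
        } else if (!in_token) {
            in_token = 1;
            n++;
        }
    }
    return n;
}

int main(void) {
    /* Constructed sample input containing the non-ASCII byte 0xE9. */
    const char *sample = "caf\xE9 au\xE9lait";

    /* -23 is the value a signed 8-bit char holds for the byte 0xE9. */
    printf("flawed index:    %d\n", index_flawed((signed char)-23));
    printf("compliant index: %d\n", index_compliant(sample[3]));
    printf("tokens:          %zu\n", count_tokens(sample, " \xE9"));
    return 0;
}
```

The flawed function only returns the index and never dereferences it, so the negative value can be inspected without reading outside the table.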
...