SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 54

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 55

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

A data model defines the sizes assigned to standard data types. It is important to understand the data models used by your implementation. However, if your code depends on any assumptions not guaranteed by the standard, you should provide static assertions (see to ensure that your assumptions are valid. (See guideline DCL03-C. Use a static assertion to test the value of a constant expression) to ensure that your assumptions are valid. .) Assumptions concerning integer sizes may become invalid, for example, when porting from a 32-bit architecture to a 64-bit architecture.

...

Wiki Markup
Code frequently embeds assumptions about data models. For example, some code bases require pointer and {{long}} to have the same size, while other large code bases require {{int}} and {{long}} to be the same size \[[van de Voort 072007|AA. Bibliography#van de Voort 07]\]. These types of assumptions, while common, make the code difficult to port and make the ports error prone. One solution is to avoid any implementation-defined behavior. However, this can result in inefficient code. Another solution is to include either static or runtime assertions near any platform-specific assumptions, so they can be easily detected and corrected during porting.

...

The stdint.h header introduces types with specific size restrictions that can be used to avoid dependence on a particular data model. For example, int_least32_t is the smallest signed integer type supported by the implementation that contains at least 32 bits. The type uint_fast16_t is the fastest unsigned integer type supported by the implementation that contains at least 16 bits. The type intmax_t is the largest signed integer, and uintmax_t is the largest unsigned type, supported by the implementation. The following types are required to be available on all implementations.:

Smallest Types

signed

unsigned

8 bits

int_least8_t

uint_least8_t

16 bits

int_least16_t

uint_least16_t

32 bits

int_least32_t

uint_least32_t

64 bits

int_least64_t

uint_least64_t

Fastest Types

signed

unsigned

8 bits

int_fast8_t

uint_fast8_t

16 bits

int_fast16_t

uint_fast16_t

32 bits

int_fast32_t

uint_fast32_t

64 bits

int_fast64_t

uint_fast64_t

Largest Types

signed

unsigned

maximum

intmax_t

uintmax_t

...

This compliant solution uses the largest unsigned integer type available if it is guaranteed to hold the result.   If it is not, another solution must be found, as discussed in guideline INT32-C. Ensure that operations on signed integers do not result in overflow.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : INT00-CPP. Understand the data model used by your implementation(s).

Bibliography

Wiki Markup
\[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "STR Bit Representations"
\[[Open Group 97a1997a|AA. Bibliography#Open Group 97b]\]
\[[van de Voort 072007|AA. Bibliography#van de Voort 07]\]

...