Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

Recommendations

INT00-C. Understand the data model used by your implementation(s)

INT01-C. Use rsize_t or size_t for all integer values representing the size of an object

INT02-C. Understand integer conversion rules

INT03-C. Use a secure integer library

INT04-C. Enforce limits on integer values originating from untrusted sources

INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs

INT06-C. Use strtol() or a related function to convert a string token to an integer

INT07-C. Use only explicitly signed or unsigned char type for numeric values

INT08-C. Verify that all integer values are in range

INT09-C. Ensure enumeration constants map to unique values

INT10-C. Do not assume a positive remainder when using the % operator

INT11-C. Take care when converting from pointer to integer or integer to pointer

INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression

INT13-C. Use bitwise operators only on unsigned operands

INT14-C. Avoid performing bitwise and arithmetic operations on the same data

INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types

INT16-C. Do not make assumptions about representation of signed integers

INT17-C. Define integer constants in an implementation-independent manner

Rules

INT30-C. Ensure that unsigned integer operations do not wrap

INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data

INT32-C. Ensure that operations on signed integers do not result in overflow

INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors

INT34-C. Do not shift a negative number of bits or more bits than exist in the operand

INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size

INT36-C. No implicit conversion shall change the signed nature of an object or reduce the number of bits in that object

Risk Assessment Summary

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
INT00-C	high	unlikely	high	P3	L3
INT01-C	medium	probable	medium	P8	L2
INT02-C	medium	probable	medium	P8	L2
INT03-C	medium	probable	medium	P8	L2
INT04-C	low	probable	high	P2	L3
INT05-C	medium	probable	high	P4	L3
INT06-C	medium	probable	medium	P8	L2
INT07-C	medium	probable	medium	P8	L2
INT08-C	medium	probable	high	P4	L3
INT09-C	low	probable	medium	P4	L3
INT10-C	low	unlikely	high	P1	L3
INT11-C	low	probable	high	P2	L3
INT12-C	low	unlikely	medium	P2	L3
INT13-C	high	unlikely	medium	P6	L2
INT14-C	medium	unlikely	medium	P4	L3
INT15-C	high	unlikely	medium	P6	L2
INT16-C	medium	unlikely	medium	P4	L3
INT17-C	high	probable	low	P6	L2

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
INT30-C	high	likely	high	P9	L2
INT31-C	high	probable	high	P6	L2
INT32-C	high	likely	high	P9	L2
INT33-C	low	likely	medium	P6	L2
INT34-C	high	probable	medium	P12	L1
INT35-C	high	likely	medium	P18	L1
INT36-C	low	likely	low	P6	L2

Related Rules and Recommendations

Navigation Map

	integer
	integer
cellWidth	700
wrapAfter	1
cellHeight	15

EXP38-C. Do not call offsetof() on bit-field members or invalid types CERT C Secure Coding Standard