SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 62

changes.mady.by.user Aaron Ballman

Saved on

compared with

New Version 63

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFcccc
langc
static int yy_string_get() {
  register char *c_str;
  register int c;

  c_str = bash_input.location.string;
  c = EOF;

  /* If the string doesn't exist, or is empty, EOF found. */
  if (c_str && *c_str) {
    c = *c_str++;
    bash_input.location.string = c_str;
  }
  return (c);
}

...

Code Block
bgColor#FFcccc
langc
static int yy_string_get() {
  register unsigned char *c_str;
  register int c;

  c_str = bash_input.location.string;
  c = EOF;

  /* If the string doesn't exist, or is empty, EOF found. */
  if (c_str && *c_str) {
    c = *c_str++;
    bash_input.location.string = c_str;
  }
  return (c);
}

This example, however, is in violation of violates STR04-C. Use plain char for characters in the basic character set.

...

Code Block
bgColor#ccccff
langc
static int yy_string_get() {
  register char *c_str;
  register int c;

  c_str = bash_input.location.string;
  c = EOF;

  /* If the string doesn't exist, or is empty, EOF found. */
  if (c_str && *c_str) {
    /* Cast to unsigned type. */
    c = (unsigned char)*c_str++;

    bash_input.location.string = c_str;
  }
  return (c);
}

...

This is a subtle error that results in a disturbingly broad range of potentially severe vulnerabilities.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR34-C

mediumMedium

probableProbable

mediumMedium

P8

L2

Automated Detection

Tool

Version

Checker

Description

Compass/ROSE

  

Can detect violations of this rule when checking for violations of INT07-C. Use only explicitly signed or unsigned char type for numeric values

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.STR34

Fully implemented

Fortify SCA

5.0

 

Can detect violations of this rule with CERT C Rule Pack

GCC

2.95 and later

-Wchar-subscripts

Detects objects of type char used as array indices

LDRA tool suite

Include Page
LDRA_V
LDRA_V

434 S

Fully implemented
PRQA QA-C
Include Page
PRQA_V
PRQA_V
3704Fully implemented

...

CERT C Secure Coding StandardSTR37-C. Arguments to character handling functions must be representable as an unsigned char
STR04-C. Use plain char for characters in the basic character set
ARR30-C. Do not form or use out of bounds pointers or array subscripts
CERT C++ Secure Coding StandardSTR34-CPP. Cast characters to unsigned types before converting to larger integer sizes
ISO/IEC TS 17961 (Draft)Conversion of signed characters to wider integer types before a check for EOF [signconv]
MISRA-CRule 10.1 through Rule 10.4 (required)
MITRE CWECWE-704, Incorrect type conversion or cast

...