SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 85

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 86

changes.mady.by.user Arthur Hicken

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: format

...

Incorrectly assuming that the result of the remainder operator for signed operands will always be positive can lead to an out-of-bounds memory accessor other flawed logic.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

INT10-C

High

Unlikely

High

P3

L3

Automated Detection

Tool

Version

Checker

Description

Compass/ROSE

 

 



Could detect the specific noncompliant code example. It could identify when the result of a % operation might be negative and flag usage of that result in an array index. It could conceivably flag usage of any such result without first checking that the result is positive, but it would likely introduce many false positives

LDRA tool suite
Include Page
LDRA_V
LDRA_V

584 S

Fully implemented

Parasoft C/C++test
Include Page
c:
Parasoft_V
c:
Parasoft_V
BD-PB-ARRAYPartially implemented
Polyspace Bug FinderR2016aTainted modulo operand

Remainder % operands are from an unsecure source

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v
3103Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID INT10-CPP. Do not assume a positive remainder when using the % operator
CERT Oracle Secure Coding Standard for JavaNUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
MITRE CWECWE-682, Incorrect calculation
CWE-129, Unchecked array indexing

Bibliography

[Beebe 2005]
 

[ISO/IEC 9899:2011]Subclause 6.5.5, "Multiplicative Operators"
[Microsoft 2007]C Multiplicative Operators
[Sun 2005]Appendix E, "Implementation-Defined ISO/IEC C90 Behavior"

...


...