SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 10

changes.mady.by.user Arthur Hicken

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Code Block
bgColor#ccccff
langc
const size_t String_Size = 20;
struct node_s {
  struct node_s* next;
  char* name;
}

Exceptions

API01-C-EX1: Using a string before sensitive data such as pointers is permitted when it is not practical to segregate the strings from the sensitive data.

...

Code Block
bgColor#ccccff
langc
const size_t String_Size = 20;
struct node_s {
  struct node_s* next;
  char name[String_Size];
}
struct node_s list[10];

...

Risk Assessment
Failure to follow this recommendation can result in memory corruption from buffer overflows, which can easily corrupt data or yield remote code execution.
Rule
Severity
Likelihood
Detectable
Repairable
Priority
Level
API01-C
High
Likely
Yes
No
P18
L1
Automated Detection
Tool
Version
Checker
Description
Astrée
 Include Page
Astrée_V
Astrée_V
array_out_of_bounds
field_overflow_upon_dereference
Supported
Parasoft C/C++test
9.5
BD-PB-OVERFWR,SECURITY-12
 
 Include Page
Parasoft_V
Parasoft_V
CERT_C-API01-a
CERT_C-API01-b
Avoid overflow when writing to a buffer
Avoid using unsafe string functions which may cause buffer overflows

Image Modified Image Modified Image Modified