SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 102

changes.mady.by.user Jill Britton

Saved on

compared with

New Version Current

changes.mady.by.user Richard W. Laughlin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed references to Annex K.

...

Replacing secure functions with less secure functions is a very risky practice because developers can be easily fooled into trusting the function to perform a security check that is absent. This may be a concern, for example, as developers attempt to adopt more secure functions , such as the C11 Annex K functions, that might not be available on all platforms. (See VOID STR07-C. Use the bounds-checking interfaces for string manipulation.)

Recommendation

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

PRE09-C

High

Likely

Yes

MediumNo

P18

L1

Automated Detection

use (rec)Fully implemented
ToolVersionCheckerDescription
Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-PRE09
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-pre09-c
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5003
Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. PRE09-C


Checks for

:

  • Use of dangerous standard function
  • Insufficient destination buffer size

Rec. fully covered

PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_v5003

.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...