SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 105

changes.mady.by.user Jill Britton

Saved on

compared with

New Version 110

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

4941, 4942, 4943

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
function-argument-with-paddingPartially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-DCL39Detects composite structures with padding, in particular those passed to trust boundary routines.
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

MISC.PADDING.POTB

Padding Passed Across a Trust Boundary

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C4941DF4941, C4942, C4943

C++4941, C++4942, C++4943

DF4942, DF4943


Klocwork
Include Page
Klocwork
Include Page
Klocwork_V
Klocwork_V
PORTING.STORAGE.STRUCT


Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-DCL39-a

A pointer to a structure should not be passed to a function that can copy data to the user space

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule DCL39-CChecks for information leak via structure padding 
PRQA QA-CRuleChecker
Include Page
PRQA QA-C_vPRQA QA-C_v4941, 4942, 4943
RuleChecker_V
RuleChecker_V
function-argument-with-paddingPartially checkedPRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_Vcplusplus:PRQA QA-C++_V

Related Vulnerabilities

Numerous vulnerabilities in the Linux Kernel have resulted from violations of this rule. CVE-2010-4083 describes a vulnerability in which the semctl() system call allows unprivileged users to read uninitialized kernel stack memory because various fields of a semid_ds struct declared on the stack are not altered or zeroed before being copied back to the user.

...