SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 109

changes.mady.by.user Jon O'Donnell

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

This compliant solution defines the acceptable range for length as [1, MAX_TABLE_LENGTH]. The length parameter is declared as size_t, which is unsigned by definition. Consequently, it is not necessary to check length for negative values (see INT01-C. Use rsizesize_t or sizersize_t for all integer values representing the size of an object).

Code Block
bgColor#ccccff
langc
enum { MAX_TABLE_LENGTH = 256 };

char** create_table(void) {
  const char* const lenstr = getenv("TABLE_SIZE");
  const size_t length = lenstr ? strtoul(lenstr, NULL, 10) : 0;

  if (length == 0 || length > MAX_TABLE_LENGTH)
    return NULL;   /* Indicate error to caller */

  const size_t table_size = length * sizeof(char *);
  char** const table = (char **)malloc(table_size);

  if (table == NULL)
    return NULL;   /* Indicate error to caller */

  /* Initialize table... */
  return table;
}

...

Recommendation

Severity

Likelihood

Detectable

Remediation CostRepairable

Priority

Level

INT04-C

High

Probable

Yes

HighNo

P6P12

L2L1

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported by taint analysis
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

IO.TAINT.SIZE
LANG.MEM.TBA
IO.TAINT.ADDR
IO.UT.HOST
IO.UT.PORT

(general)

Tainted allocation size
Tainted buffer access
Tainted network address
Untrusted Network Host
Untrusted Network Port

CodeSonar will track the tainted value, along with any limits applied to it, and flag any problems caused by underconstraint. Warnings of a wide range of classes may be triggered, including tainted allocation size, buffer overrun, and division by zero

KlocworkHelix QAC

Include Page

Klocwork

Helix QAC_V

Klocwork_V
Helix QAC_V

DF2794, DF2804, DF2854, DF2859, DF2864, DF2894, DF2899, DF2904, DF2909, DF2914, DF2924, DF2944, DF2949, DF2954, DF2956, DF2959


Klocwork
Include Page
Klocwork_V
Klocwork_V
SV.TAINTED.ALLOC_SIZE
SV.TAINTED.ALLOC_SIZE
SV.TAINTED.BINOP
SV.TAINTED.CALL.BINOP
SV.TAINTED.CALL.INDEX_ACCESS
SV.TAINTED.CALL.LOOP_BOUND
SV.TAINTED.INDEX_ACCESS
SV.TAINTED.LOOP_BOUND
Parasoft C/C++test9.5BD-SECURITY-INTOVERF, BD-SECURITY-OVERFRD, BD-SECURITY-OVERFWR
Include Page
Parasoft_V
Parasoft_V

CERT_C-INT04-a
CERT_C-INT04-b
CERT_C-INT04-c

Avoid potential integer overflow/underflow on tainted data
Avoid buffer read overflow from tainted data
Avoid buffer write overflow from tainted data

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. INT04-C


Checks for:

  • Array access with tainted index
Polyspace Bug FinderR2016a
  • Loop bounded with tainted value
  • Memory allocation with tainted size
  • Tainted size of variable length array

Loop controlled by a value from an unsecure source

Size argument to memory function is from an unsecure source

Size of the variable-length array (VLA) is from an unsecure source and may be zero, negative, or too large

Rec. partially supported.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...