SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 11

changes.mady.by.user Barbara White

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Code Block
bgColor#ccccff
langc
const size_t String_Size = 20;
struct node_s {
  struct node_s* next;
  char name[String_Size];
}
struct node_s list[10];

...

Risk Assessment

Failure to follow this recommendation can result in memory corruption from buffer overflows, which can easily corrupt data or yield remote code execution.

Rule

Severity

Likelihood

Detectable

Repairable

Priority

Level

API01-C

High

Likely

Yes

No

P18

L1

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

array_out_of_bounds

field_overflow_upon_dereference

Supported
Parasoft C/C++test
9.5

BD-PB-OVERFWR,SECURITY-12

 

...

Include Page
Parasoft_V
Parasoft_V

CERT_C-API01-a
CERT_C-API01-b

Avoid overflow when writing to a buffer
Avoid using unsafe string functions which may cause buffer overflows


Image Modified Image Modified Image Modified