Page History

...

However, this rule is applicable only in only in cases where the character data may contain values that can be interpreted misinterpreted as negative numbers. For example, if the char type is represented by a two's complement 8-bit value, any character value greater than +127 is interpreted as a negative value.

...

Code Block

bgColor	#ccccff
lang	c

#include <limits.h>
#include <stddef.h>
 
static const char table[UCHAR_MAX + 1] = { 'a' /* ... */ };

ptrdiff_t first_not_in_table(const char *c_str) {
  for (const char *s = c_str; *s; ++s) {
    if (table[(unsigned char)*s] != *s) {
      return s - c_str;
    }
  }
  return -1;
}

Exceptions

STR34-C-EX1: This rule only applies to characters that are to be treated as unsigned chars for some purpose, such as being passed to the isdigit() function. Characters that hold small integer values for mathematical purposes need not comply with this rule.

Risk Assessment

Conversion of character data resulting in a value in excess of UCHAR_MAX is an often-missed error that can result in a disturbingly broad range of potentially severe vulnerabilities.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
STR34-C	Medium	Probable	Yes	MediumNo	P8	L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

char-sign-conversion

Fully checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-STR34

Fully implemented

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

MISC.NEGCHAR

Negative Character Value

Compass/ROSE

Can detect violations of this rule when checking for violations of INT07-C. Use only explicitly signed or unsigned char type for numeric values

Coverity

Include Page

	Coverity_V
	Coverity_V

MISRA C 2012 Rule 10.1

MISRA C 2012 Rule 10.2

MISRA C 2012 Rule 10.3

MISRA C 2012 Rule 10.4

Implemented

Essential type checkers

Cppcheck Premium

Include Page

	Cppcheck Premium_V
	Cppcheck Premium_V

premium-cert-str34-c

ECLAIR

Include Page

	ECLAIR_V
	ECLAIR_V

CC2.STR34

Fully implemented

GCC

2.95 and later

-Wchar-subscripts

Detects objects of type char used as array indices

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C2140, C2141, C2143, C2144, C2145, C2147, C2148, C2149, C2151, C2152, C2153, C2155

C++3051

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

CXX.CAST.SIGNED_CHAR_TO_INTEGER

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

434 S

Partially implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-STR34-b
CERT_C-STR34-c
CERT_C-STR34-d

Cast characters to unsigned char before assignment to larger integer sizes
An expressions of the 'signed char' type should not be used as an array index
Cast characters to unsigned char before converting to larger integer sizes

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

571

Partially supported

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rule STR34-C

Checks for misuse of sign-extended character value (rule fully covered)

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

char-sign-conversion

Fully checked

TrustInSoft Analyzer

Include Page

	TrustInSoft Analyzer_V
	TrustInSoft Analyzer_V

out of bounds read

Partially verified (exhaustively detects undefined behavior).

...

Space shortcuts

Page tree

Versions Compared

Old Version 112

New Version Current

Key

Exceptions

Risk Assessment

Automated Detection