SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 120

changes.mady.by.user Caden Milne

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Risk Assessment

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

ARR36-C

Medium

Probable

No

NoMedium

P8P4

L2L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
pointer-subtractionPartially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-ARR36Can detect operations on pointers that are unrelated
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.STRUCT.CUP

LANG.STRUCT.SUP

Comparison of Unrelated Pointers

Subtraction of Unrelated Pointers

Coverity
Include Page
Coverity_V
Coverity_V

MISRA C 2004 17.2

MISRA C 2004 17.3

MISRA C 2012 18.2

MISRA C 2012 18.3

Implemented
Cppcheck

Include Page
Cppcheck_V
Cppcheck_V

comparePointersFully implemented
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

comparePointersFully implemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0487, C0513

DF2668, DF2669, DF2761, DF2762, DF2763, DF2766, DF2767, DF2768, DF2771, DF2772, DF2773


Klocwork
Include Page
Klocwork_V
Klocwork_V

MISRA.PTR.ARITH


LDRA tool suite
Include Page
LDRA_V
LDRA_V

437 S, 438 S

Fully implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-ARR36-a
CERT_C-ARR36-b

Do not subtract two pointers that do not address elements of the same array
Do not compare two unrelated pointers

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule ARR36-C

Checks for subtraction or comparison between pointers to different arrays (rule partially covered)

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V736, V782
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
pointer-subtraction
Partially checked
Security Reviewer - Static Reviewer
6.02
C24
C107		Fully Implemented
TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

differing_blocks

Exhaustively verified (see the compliant and the non-compliant example).

...

Taxonomy

Taxonomy item

Relationship

CERT CCTR54-CPP. Do not subtract iterators that do not refer to the same containerPrior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961Subtracting or comparing two pointers that do not refer to the same array [ptrobj]Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-469, Use of Pointer Subtraction to Determine Size

2017-07-10: CERT: Exact

CWE 3.11CWE-469, Use of Pointer Subtraction to Determine Size2018-10-18:CERT:CWE subset of rule

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-469 and ARR36-C

CWE-469 = Subset(ARR36-C)

ARR36-C = Union(CWE-469, list) where list =

  • Pointer comparisons using the relational operators <, <=, >=, and >, where the pointers do not refer to the same array

Bibliography

[Banahan 2003]Section 5.3, "Pointers"
Section 5.7, "Expressions Involving Pointers"
[ISO/IEC 9899:2024]

6.5.7, "Additive Operators"

...