SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 133

changes.mady.by.user Amy Gale

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

Do not cast away a const qualification on an object of pointer type. Casting away the const qualification allows a program to modify the object referred to by the pointer, which may result in undefined behavior. See undefined behavior 6461 in Appendix J of the C Standard.

...

EXP05-C-EX2: A number of C standard library functions are specified to return non-const pointers that refer to their const-qualified arguments. When the actual arguments to such functions reference const objects, attempting to use the returned non-const pointers to modify the const objects would be a violation of EXP40-C. Do not modify constant objects and would lead to undefined behavior. These functions are the following:

memchr

strchr

strpbrk

strrchr

strstr

strtod

strtof

strtold

strtol

strtoll

strtoul

strtoull

wmemchr

wcschr

wcspbrk

wcsrchr

wcsstr

 

 

 




For instance, in following example, the function strchr returns an unqualified char* that points to the terminating null character of the constant character array s (which could be stored in ROM). Even though the pointer is not const, attempting to modify the character it points to would lead to undefined behavior.

...

If the object is constant, the compiler may allocate storage in ROM or write-protected memory. Attempting to modify such an object may lead to a program crash or denial-of-service attack.

Recommendation

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

EXP05-C

Medium

Probable

No

Medium

No

P8

P4

L2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
pointer-qualifier-cast-const
pointer-qualifier-cast-const-implicit		Fully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-EXP05Fully implemented
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.CAST.PC.CRCQCast removes const qualifier
Compass/ROSE
 

 

 




ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.EXP05

Fully implemented

GCC
Include Page
GCC_V
GCC_V
 


Can detect violations of this recommendation when the -Wcast-qual flag is used

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0311, C0431
LDRA tool suite
Include Page
LDRA_V
LDRA_V

203 S

Fully implemented

Parasoft C/C++test
9.5MISRA2004-11_5Partially implemented
Include Page
Parasoft_V
Parasoft_V

CERT_C-EXP05-a

A cast shall not remove any 'const' or 'volatile' qualification from the type of a pointer or reference

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

9005

Partially supported

Polyspace Bug Finder
R2016aQualifier removed in conversion

Variable qualifier is lost during conversion

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. EXP05-C


Checks for cast to pointer that removes const qualification (rec. fully supported)

RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
pointer-qualifier-cast-const
pointer-qualifier-cast-const-implicit		Fully checked
PRQA QA-C Include PagePRQA QA-C_vPRQA QA-C_v0311,431Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardEXP55-CPP. Do not access a cv-qualified object through a cv-unqualified type
ISO/IEC TR 24772:2013Pointer Casting and Pointer Type Changes [HFC]
Type System [IHN]
MISRA C:2012Rule 11.8 (required)
MITRE CWECWE-704, Incorrect type conversion or cast

Bibliography

[ISO/IEC 9899:2011]Subclause 6.7.3, "Type Qualifiers"

...


...

Image Modified Image Modified Image Modified