SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 163

changes.mady.by.user Jill Britton

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The C Standard identifies the following condition under which division and remainder operations result in undefined behavior (UB):

UBDescription

4541

The value of the second operand of the / or % operator is zero (6.5.5).

...

A divide-by-zero error can result in abnormal program termination and denial of service.

Rule

Severity

Likelihood

Detectable

Remediation CostRepairable

Priority

Level

INT33-C

Low

Likely

No

MediumYes

P6

L2

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

int-division-by-zero

int-modulo-by-zero

Fully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-INT33
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.ARITH.DIVZERO
LANG.ARITH.FDIVZERO
Division by zero
Float Division By Zero
Compass/ROSE

Can detect some violations of this rule (In particular, it ensures that all operations involving division or modulo are preceded by a check ensuring that the second operand is nonzero.)

Coverity
Include Page
Coverity_V
Coverity_V

DIVIDE_BY_ZERO

Fully implemented
Cppcheck
Include Page
Cppcheck_V
Cppcheck_V
zerodiv
zerodivcond


Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

zerodiv
zerodivcond

premium-cert-int33-cContext sensitive analysis of division by zero
Not detected for division by struct member / array element / pointer data that is 0
Detected when there is unsafe division by variable before/after test if variable is zero


Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C2830

C++2830

DF2831, DF2832, DF2833


Klocwork
Include Page
Klocwork_V
Klocwork_V

DBZ.CONST
DBZ.CONST.CALL
DBZ.GENERAL
DBZ.ITERATOR
DBZ.ITERATOR.CALL


LDRA tool suite
Include Page
LDRA_V
LDRA_V

43 D, 127 D, 248 S, 629 S, 80 X

Partially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-INT33-a

Avoid division by zero
Parasoft Insure++

Runtime analysis
Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule INT33-C


Checks for:

  • Integer division by zero
  • Tainted division operand
  • Tainted modulo operand

Rule fully covered.

Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

CPP_02

Fully implemented

SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S3518
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V609
TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

division_by_zero

Exhaustively verified (see one compliant and one non-compliant example).

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...