SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 172

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff
langc
#include <assert.h>
#include <stdint.h>
 
void h(void) {
  intptr_t i = (intptr_t)(void *)&i;
  uintptr_t j = (uintptr_t)(void *)&j;
 
  void *ip = (void *)i;
  void *jp = (void *)j;
 
  assert(ip == &i);
  assert(jp == &j);
}

INT36-C-EX3: An integer may be converted to a void* and back as long as the pointer is not dereferenced, and the integer is in range (that is, the appropriate range for an intptr_t or uintptr_t).

The following POSIX code passes an integer, cast as a void* to a thread, and the thread prints the integer.

Code Block
bgColor#ccccff
langc
#include <stdio.h>
#include <pthread.h>


void *print_int(void *ptr) {
  intptr_t i = (intptr_t) ptr;
  printf("The number is %jd\n", i);
  return NULL;
}

int main(void) {
  pthread_t thr1;
  intptr_t i = 123;
  int result;

   if ((result = pthread_create(&thr1, NULL, print_int, (void *)i)) != 0) {
    /* Handle error */
  }

  pthread_exit(NULL);
  return 0;
}

Risk Assessment

Converting from pointer to integer or vice versa results in code that is not portable and may create unexpected pointers to invalid memory locations.

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

pointer-integral-cast

pointer-integral-cast-implicit

function-pointer-integer-cast

function-pointer-integer-cast-implicit

Fully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-INT36Fully implemented
Clang
Include Page
Clang_V
Clang_V
-Wint-to-pointer-cast, -Wint-conversionCan detect some instances of this rule, but does not detect all
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.CAST.PC.CONST2PTR
LANG.CAST.PC.INT
PARSE.PCLB
PARSE.PCTSSI
Conversion: integer constant to pointer
Conversion: pointer/integer
Pointer conversion loses bits
Pointer conversion to same size integer
Compass/ROSE


Coverity
Include Page
Coverity_V
Coverity_V
PW.POINTER_CONVERSION_LOSES_BITSFully implemented
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-int36-c
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0303, C0305, C0306, C0309, C0324, C0326, C0360, C0361, C0362

C++3040, C++3041, C++3042, C++3043, C++3044, C++3045, C++3046, C++3047, C++3048


Klocwork
Include Page
Klocwork_V
Klocwork_V
MISRA.CAST.OBJ_PTR_TO_INT.2012
LDRA tool suite
Include Page
LDRA_V
LDRA_V

439 S, 440 S

Fully implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-INT36-b

A conversion should not be performed between a pointer to object type and an integer type other than 'uintptr_t' or 'intptr_t'

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

4287

Partially supported: reports casts from pointer types to smaller integer types which lose information

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule INT36-C


Checks for unsafe conversion between pointer and integer (rule partially covered)

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V527, V528V542, V566, V601V647, V1091
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

pointer-integral-cast

pointer-integral-cast-implicit

function-pointer-integer-cast

function-pointer-integer-cast-implicit

Fully checked
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

CPP_05

Fully implemented
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S1767Partially implemented

...