SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 37

changes.mady.by.user John Benito

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

Comparing a function pointer to a value that is not a null function pointer of the same type will be diagnosed because it typically indicates programmer error and can result in unexpected behavior. Implicit comparisons will be diagnosed, as well.

...

Code Block
bgColor#FFcccc
langc
/* First the options that are allowed only allowed for root */
if (getuid == 0 || geteuid != 0) {
  /* ... */
}

...

Code Block
bgColor#FFcccc
langc
/* First the options that are allowed only allowed for root */
if (getuid() == 0 || geteuid != 0) {
  /* ... */
}

...

Code Block
bgColor#ccccff
langc
/* First the options that are allowed only allowed for root */
if (getuid() == 0 || geteuid() != 0) {
  /* ... */
}

...

Code Block
bgColor#ccccff
langc
/* First the options that are allowed only allowed for root */ 
if (getuid == (uid_t(*)(void))0 || geteuid != (uid_t(*)(void))0) { 
  /* ... */ 
}

...

Errors of omission can result in unintended program flow.

Recommendation

Severity

Likelihood

Detectable

Remediation Cost

Repairable

Priority

Level

EXP16-C

Low

low

Likely

likely

Yes

medium

No

P6

L2

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
function-name-constant-comparison
Partially checked

Coverity

Include Page
Coverity_V
Coverity_V

BAD_COMPARE

Can detect the specific instance where the address of a function is compared against 0, such as in the case of geteuid versus getuid() in the implementation-specific details

GCC
Include Page
GCC_V
GCC_V
  

Can detect violations of this recommendation when the -Wall flag is used

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0428, C3004, C3344
Klocwork
Include Page
Klocwork_V
Klocwork_V

EFFECT

CWARN.NULLCHECK.FUNCNAME
CWARN.FUNCADDR


LDRA tool suite
Include Page
LDRA_V
LDRA
_V 
_V
99 SPartially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-EXP16-a
Function address should not be compared to zero
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

2440, 2441

Partially supported: reports address of function, array, or variable directly or indirectly compared to null

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V516, V1058
RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

function-name-constant-comparison
Partially checked
 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++
Secure
Coding StandardVOID EXP16-CPP. Avoid conversions using void pointers
ISO/IEC TR 24772:2013Likely incorrect expressions [KOA]
ISO/IEC TS 17961
 (Draft)
Comparing function addresses to zero [funcaddr]
MITRE CWECWE-480, Use of incorrect operator
CWE-482, Comparing instead of assigning

Bibliography

[Hatton 1995]Section 2.7.2, "Errors of Omission and Addition"

...


...

Image Modified Image Modified Image Modified