SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 54

changes.mady.by.user Svyatoslav Razmyslov

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff
langc
void f(size_t begin, size_t step) {
  if (0 < step) {
    intsize_t i;
    for (i = begin; i <= INTSIZE_MAX - step; i += step) {
      /* ... */
    }
  }
}

...

Recommendation

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

MSC21-C

Low

Unlikely

No

NoLow

P3P1

L3

Automated Detection

, but no explicit checkerLoop

Tainted sign change conversion

Loop controlled by a value from an unsecure source

Value from an unsecure source changes signGeneral analysis rule

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported: Astrée reports potential infinite loops.
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.STRUCT.LOOP.HR
LANG.STRUCT.LOOP.UB

High risk loop
Potential unbounded loop

Compass/ROSE




LDRA tool suite
Include Page
LDRA_V
LDRA_V
510 SPartially implemented
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

440, 442, 443,
444, 445, 2650

Partially supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder

R2016a

_V

CERT C: Rec. MSC21-C


Checks for loop bounded with tainted value (rec. partially covered)


PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio

6.22V621

_V

V621
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

ctuOneDefinitionRuleViolationFully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...