...

Arrays are a common source of vulnerabilities in C language programs because they are frequently used but not always fully understood.
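The most common misunderstanding, and the one behind the "misuse of sizeof" and array-to-pointer findings reported by several of the checkers listed under Automated Detection, is that an array silently decays to a pointer, after which sizeof no longer describes the array and bounds must be tracked by hand. The following C program is added here as an illustration and is not part of the CERT page; the sample data in `table` and the function names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Element count of an array object. Correct only on a genuine array
 * whose declaration is in scope; on a pointer, or on a parameter
 * declared with array syntax, sizeof yields the pointer size instead. */
#define ARRAY_COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample data for this example. */
static int table[] = {10, 20, 30, 40, 50, 60, 70, 80};

/* sizeof applied to the array object: total bytes / element bytes = 8. */
size_t count_from_array(void) {
    return ARRAY_COUNT(table);
}

/* The same computation after the array has decayed to a pointer.
 * sizeof(p) is now the size of a pointer, not of the eight ints, so the
 * result is wrong (2 on a typical 64-bit target, 1 on 32-bit). This is
 * the bug behind "possible misuse of sizeof" findings. */
size_t count_from_pointer(void) {
    int *p = table;                 /* array-to-pointer decay */
    size_t bytes = sizeof(p);       /* pointer size, not array size */
    return bytes / sizeof(p[0]);
}

/* Safe element access: the caller supplies the element count, the index
 * is unsigned so a negative value cannot masquerade as a small one, and
 * any index >= n is rejected before memory is touched. */
bool lookup_checked(const int *arr, size_t n, size_t idx, int *out) {
    if (arr == NULL || out == NULL || idx >= n) {
        return false;
    }
    *out = arr[idx];
    return true;
}

int main(void) {
    size_t n = count_from_array();
    int v = 0;

    printf("elements via array object: %zu\n", n);
    printf("elements via pointer:      %zu (wrong)\n", count_from_pointer());

    /* Indices 7 and 8 stand in for values taken from untrusted input. */
    if (lookup_checked(table, n, 7, &v)) {
        printf("table[7] = %d\n", v);
    }
    if (!lookup_checked(table, n, 8, &v)) {
        puts("index 8 rejected: out of bounds");
    }
    return 0;
}
```

The element count is computed once, where the array object is visible, and passed alongside the pointer; every access goes through a check that compares the index against that count. Computing the count from a pointer, as `count_from_pointer` does, compiles cleanly but gives a bound unrelated to the array.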

Risk Assessment

Recommendation   Severity   Likelihood   Remediation Cost   Detectable   Repairable   Priority   Level
ARR00-C          High       Probable     High               No           No           P6         L2

Automated Detection

Tool: CodeSonar
Checker: LANG.CAST.ARRAY.TEMP
Description: Array to Pointer Conversion on Temporary Object

Tool: Klocwork
Checkers:
  ABV.ANY_SIZE_ARRAY
  ABV.GENERAL
  ABV.GENERAL.MULTIDIMENSION
  ABV.ITERATOR
  ABV.MEMBER
  ABV.STACK
  ABV.TAINTED
  ABV.UNICODE.BOUND_MAP
  ABV.UNICODE.FAILED_MAP
  ABV.UNICODE.NNTS_MAP
  ABV.UNICODE.SELF_MAP
  ABV.UNKNOWN_SIZE
  NNTS.MIGHT
  NNTS.MUST
  NNTS.TAINTED
  SV.STRBO.BOUND_COPY.OVERFLOW
  SV.STRBO.BOUND_COPY.UNTERM
  SV.STRBO.BOUND_SPRINTF
  SV.STRBO.UNBOUND_COPY
  SV.STRBO.UNBOUND_SPRINTF
  SV.TAINTED.ALLOC_SIZE
  SV.TAINTED.CALL.INDEX_ACCESS
  SV.TAINTED.CALL.LOOP_BOUND
  SV.TAINTED.INDEX_ACCESS
  SV.TAINTED.LOOP_BOUND
  SV.UNBOUND_STRING_INPUT.CIN
  SV.UNBOUND_STRING_INPUT.FUNC

Tool: LDRA tool suite
Checkers: 45 D, 47 S, 489 S, 567 S, 64 X, 66 X, 68 X, 69 X, 70 X, 71 X
Description: Partially implemented

Tool: Polyspace Bug Finder
Version: R2016a
Checker: Possible misuse of sizeof
Description: Use of sizeof operator can cause unintended results

Tool: PC-lint Plus
Checkers: 409, 413, 429, 613
Description: Partially supported: conceptually includes all other ARR items, which are mapped to their respective guidelines; explicit mappings for ARR00 are present when a situation mentioned in the guideline itself is encountered

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy: SEI CERT C++ Coding Standard
Taxonomy item: CTR00-CPP. Understand when to prefer vectors over arrays
Relationship: Prior to 2018-01-12: CERT: Unspecified Relationship

Taxonomy: MITRE CWE, CWE 2.11
Taxonomy item: CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
Relationship: Prior to 2018-01-12: CERT:

Taxonomy: MITRE CWE, CWE 2.11
Taxonomy item: CWE-123, Write-what-where Condition
Relationship: Prior to 2018-01-12: CERT:

Taxonomy: MITRE CWE, CWE 2.11
Taxonomy item: CWE-125, Out-of-bounds Read
Relationship: Prior to 2018-01-12: CERT:

Taxonomy: MITRE CWE, CWE 2.11
Taxonomy item: CWE-129, Unchecked array indexing
Relationship: Prior to 2018-01-12: CERT:

...


...
