SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 63

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Joerg Herter

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

conversion_overflow

essential-type-assign

eof-small-int-comparison

Partially checked + soundly Soundly supported
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-FIO34
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.CAST.COERCECoercion alters value
Compass/ROSE




Coverity
Include Page
Coverity_V
Coverity_V

CHAR_IO

Identifies defects when the return value of fgetc()getc(), or getchar() is incorrectly assigned to a char instead of an int. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary

Cppcheck Premium
Include Page
Cppcheck Premium_V
Cppcheck Premium_V


premium-cert-fio34-c


ECLAIR1.2

CC2.FIO34

Partially implemented

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C2676, C2678

C++2676, C++2678, C++3001, C++3010, C++3051, C++3137, C++3717


Klocwork
Include Page
Klocwork_V
Klocwork_V
CWARN.CMPCHR.EOF
LDRA tool suite
Include Page
LDRA_V
LDRA_V
662 S
Fully implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-FIO34-a

The macro EOF should be compared with the unmodified return value from the Standard Library function

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule FIO34-C


Checks for character values absorbed into EOF (rule partially covered)

Splint3.1.1



RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

essential

eof-small-

type

int-

assign

comparison

SupportedPartially checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

CERT C Secure Coding StandardSTR00-C. Represent characters using an appropriate typePrior to 2018-01-12: CERT: Unspecified Relationship
CERT C Secure Coding StandardINT31-C. Ensure that integer conversions do not result in lost or misinterpreted dataPrior to 2018-01-12: CERT: Unspecified Relationship
CERT Oracle Secure Coding Standard for JavaFIO08-J. Use an int to capture the return value of methods that read a character or bytePrior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013Using character values that are indistinguishable from EOF [chreof]Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-1972017-06-14: CERT: Rule subset of CWE

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-197 and FIO34-C

Independent( FLP34-C, INT31-C) FIO34-C = Subset( INT31-C)

Therefore: FIO34-C = Subset( CWE-197)

Bibliography

[Kettlewell 2002]Section 1.2, "<stdio.h> and Character Types"
[NIST 2006]SAMATE Reference Dataset Test Case ID 000-000-088
[Summit 2005]Question 12.2