The type time_t is specified as an "arithmetic type capable of representing times." However, the way time is encoded within this arithmetic type by the function time() is unspecified. See unspecified behavior 48 in section Annex J .1 of the C Standard. Because the encoding is unspecified, there is no safe way to manually perform arithmetic on the type, and as a result, the values should not be modified directly.
...
Using time_t incorrectly can lead to broken logic that can place a program in an infinite loop or cause an expected logic branch to not execute.
Recommendation | Severity | Likelihood | Detectable |
|---|
Repairable | Priority | Level |
|---|---|---|
MSC05-C | Low |
Unlikely |
Yes |
No | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE |
Can detect violations of this recommendation | |||||||
|
CC2.MSC05 | Fully implemented | ||||||||
| LDRA tool suite |
| 96 S, 101 S, 107 S, 433 S, 458 S | Partially Implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
| [Kettlewell 2002] | Section 4.1, "time_t" |
...
...