Page History

...

Failing to validate the parameters in library functions may result in an access violation or a data integrity violation. Such a scenario indicates a flaw in how the library is used by the calling code. However, the library itself may still be the vector by which the calling code's vulnerability is exploited.

Recommendation	Severity	Likelihood

Remediation Cost

Detectable	Repairable	Priority	Level
API00-C	Medium	Unlikely	No

High

No	P2	L3

Automated Detection

Tool	Version	Checker	Description

LDRA tool suite

Include PageLDRA_VLDRA_V

Astrée

Include Page

	Astrée_V
	Astrée_V

Supported

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.STRUCT.UPD

Unchecked parameter dereference

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-API00-a

The validity of parameters must be checked inside each function

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

413, 613, 668

Partially supported: reports use of null pointers including function parameters which are assumed to have the potential to be null

PVS-Studio

Include Page

	PVS-Studio_V
	PVS-Studio_V

V781, V1111

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy	Taxonomy item	Relationship
CERT C

SEI CERT C++ Coding Standard

MSC08-CPP. Functions should validate their parameters

MITRE CWE

Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11	CWE

ID

-20, Insufficient input validation	Prior to 2018-01-12: CERT:
MITRE CWE	CWE-476	Prior to 2018-01-12:

Bibliography

[Apple 2006]

Application Interfaces That Enhance Security

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 72

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography