SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 75

changes.mady.by.user Jill Britton

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

The C Standard, subclause 3.45.3 [ISO/IEC 9899:20112024], defines undefined behavior as

behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for

which this International Standard

which this document imposes no requirements

.

Subclause 4 explains how the standard identifies undefined behavior (see also undefined behavior 1 of Annex J).

If a "shall" or "shall not" requirement that appears outside of a

constraint is violated

constraint or runtime-constraint is violated, the behavior is undefined. Undefined behavior is otherwise indicated in this

International Standard by the

document by the words "undefined behavior" or by the omission of any explicit definition of behavior. There is no difference in emphasis among these three; they all describe "behavior that is undefined".

Annex J, subclause J.2, "Undefined behavior," enumerates the circumstances under which the behavior of a program is undefined. This list is duplicated on the CC. Undefined Behavior page.

...

Recommendation

Severity

Likelihood

Detectable

Remediation CostRepairable

Priority

Level

MSC15-C

High

Likely

No

NoMedium

P18P9

L1L2

Automated Detection

0160, 0161, 0162, 0163, 0164, 0165, 0166,

0167, 0168, 0169, 0170, 0171, 0172, 0173,

0174, 0175, 0176, 0177, 0178, 0179, 0184,

0185, 0186, 0190, 0191, 0192, 0193, 0194,

0195, 0196, 0197, 0198, 0199, 0200, 0201,

0203, 0204, 0206, 0207, 0208, 0235, 0275,

0301, 0302, 0304, 0307, 0309, 0323, 0327,

0337, 0400, 0401, 0402, 0403, 0475, 0543,

0544, 0545, 0602, 0603, 0623, 0625, 0626,

0630, 0632, 0636, 0654, 0658, 0661, 0667,

0668, 0672, 0676, 0678, 0680, 0706, 0745,

0777, 0779, 0813, 0814, 0821, 0836, 0837,

0848, 0853, 0854, 0864, 0865, 0867, 0872,

0874, 0885, 0887, 0888, 0914, 0915, 0942,

1509, 1510, 3113, 3114, 3239, 3311, 3312,

3319, 3437, 3438

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported: Astrée reports undefined behavior.
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0160, C0161, C0162, C0163, C0164, C0165, C0166, C0167, C0168, C0169, C0170, C0171, C0172, C0173, C0174, C0175, C0176, C0177, C0178, C0179, C0184, C0185, C0186, C0190, C0191, C0192, C0193, C0194, C0195, C0196, C0197, C0198, C0199, C0200, C0201, C0203, C0204, C0206, C0207, C0208, C0235, C0275, C0301, C0302, C0304, C0307, C0309, C0323, C0327, C0337, C0400, C0401, C0402, C0403, C0475, C0543, C0544, C0545, C0602, C0603, C0623, C0625, C0626, C0630, C0632, C0636, C0654, C0658, C0661, C0667, C0668, C0672, C0676, C0678, C0680, C0706, C0745, C0777, C0779, C0813, C0814, C0821, C0836, C0837, C0848, C0853, C0854, C0864, C0865, C0867, C0872, C0874, C0885, C0887, C0888, C0914, C0915, C0942, C1509, C1510, C3113, C3114, C3239, C3311, C3312, C3319, C3437, C3438


LDRA tool suite
Include Page
LDRA_V
LDRA_V

48 D, 63 D, 84 D, 113 D, 5 Q, 64 S, 65 S, 100 S, 109 S, 156 S, 296 S, 324 S, 335 S, 336 S, 339 S, 412 S, 427 S, 465 S, 482 S, 497 S, 545 S, 587 S, 608 S, 642 S, 62 X, 63 X

Partially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-MSC15-a
CERT_C-MSC15-b

Evaluation of constant unsigned integer expressions should not lead to wrap-around
Evaluation of constant unsigned integer expressions in preprocessor directives should not lead to wraparound

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

Array access out of bounds

Copy of overlapping memory

Declaration mismatch

Format string specifiers and arguments mismatch

Integer overflow

Invalid use of standard library memory routine

Invalid use of standard library routine

Invalid use of standard library string routine

Non-initialized pointer

Non-initialized variable

Null pointer

Overlapping assignment

Pointer access out of bounds

Standard function call with incorrect arguments

Unreliable cast of function pointer

Unreliable cast of pointer

Use of tainted pointer

Writing to const qualified object

Array index outside bounds during array access

Source and destination arguments of a copy function have overlapping memory

Mismatch between function or variable declarations

String specifiers do not match corresponding arguments

Overflow from operation between integers

Standard library memory function called with invalid arguments

Wrong arguments to standard library function

Standard library string function called with invalid arguments

Pointer not initialized before dereference

Variable not initialized before use

NULL pointer dereferenced

Memory overlap between left and right sides of an assignment

Pointer dereferenced outside its bounds

Argument to a standard function does not meet requirements for use in the function

Function pointer cast to another function pointer with different argument or return type

Pointer implicitly cast to different data type

Pointer from an unsecure source may be NULL or point to unknown memory

Object declared with a const qualifier is modified

CERT C: Rec. MSC15-C


Checks for undefined behavior (rec. partially covered)

PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_vPartially implementedPVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V772

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Bibliography

[ISO/IEC 9899:20112024]Subclause 3.45.3, "Undefined Behavior"
Subclause 4, "Conformance"
Subclause J.2, "Undefined Behavior"
[Seacord 2013]Chapter 5, "Integer Security"

...