SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 80

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Joerg Herter

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


Rule

Severity

Likelihood

Detectable

Repairable

Priority

Level

INT35-C

Low

Unlikely

No

No

P1

L3

Automated Detection

ToolVersionCheckerDescription
Astrée
Include Page
Astrée_V
Astrée_V
Supported: Astrée reports overflows due to insufficient precision.

precision-shift-width
precision-shift-width-constant

Partially checked + soundly supported
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.ARITH.BIGSHIFT

Shift Amount Exceeds Bit Width

Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-int35-c
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0582

C++3115


Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-INT35-a

Use correct integer precisions when checking the right hand operand of the shift operator

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule INT35-CChecks for situations when integer precisions are exceeded (rule fully covered)
RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

precision-shift-width
precision-shift-width-constant		Partially checked

 

Related Guidelines

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

CWE 2.11CWE-681, Incorrect Conversion between Numeric Types

2017-10-30:MITRE:Unspecified Relationship

2018-10-18:CERT:Partial Overlap

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-190 and INT35-C

Intersection( INT35-C, CWE-190) = Ø

INT35-C used to map to CWE-190 but has been replaced with a new rule that has no overlap with CWE-190.

CWE-681 and INT35-C

Intersection(INT35-C, CWE-681) = due to incorrect use of integer precision, conversion from one data type to another causing data to be omitted or translated in a way that produces unexpected values

CWE-681INT35-C = list2, where list2 =

  • conversion from one data type to another causing data to be omitted or translated in a way that produces unexpected values, not involving incorrect use of integer precision

INT35-C - CWE-681= list1, where list1 = 

  • incorrect use of integer precision not related to conversion from one data type to another

Bibliography

[Dowd 2006]Chapter 6, "C Language Issues"
[C99 Rationale 2003]6.5.7, "Bitwise Shift Operators"

   


...