SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 96

changes.mady.by.user Anirban Gangopadhyay

Saved on

compared with

New Version Current

changes.mady.by.user Richard W. Laughlin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed references to Annex K.

...

Replacing secure functions with less secure functions is a very risky practice because developers can be easily fooled into trusting the function to perform a security check that is absent. This may be a concern, for example, as developers attempt to adopt more secure functions , such as the C11 Annex K functions, that might not be available on all platforms. (See VOID STR07-C. Use the bounds-checking interfaces for string manipulation.)

Recommendation

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

PRE09-C

High

Likely

Yes

NoMedium

P18

L1

Automated Detection

Use of obsolete standard function

Dangerous functions cause possible buffer overflow in

Obsolete routines can cause security vulnerabilities and portability issues

Fully implemented
ToolVersionCheckerDescription
Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-PRE09
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-pre09-c
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5003
Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. PRE09-C


Checks for:

  • Use of dangerous standard function
  • Insufficient destination buffer
PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_v5003
  • size

Rec. fully covered.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...