SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 99

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note
titleDeprecated

This guideline does not apply to code that need conform only to C23. Code that must conform to older versions of the C standard should still comply with this guideline.

The calloc() function takes two arguments: the number of elements to allocate and the storage size of those elements. Typically, calloc() implementations multiply these arguments to determine how much memory to allocate. Historically, some implementations failed to check whether out-of-bounds results silently wrapped [RUS-CERT Advisory 2002-08:02]. If the result of multiplying the number of elements to allocate and the storage size wraps, less memory is allocated than was requested. As a result, it is necessary to ensure that these arguments, when multiplied, do not wrap.

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
ALLOC.SIZE.MULOFLOWMultiplication overflow of allocation size
Compass/ROSE




Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C1601
C1602
C1603
C1604


Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-MEM07-a

The validity of values passed to library functions shall be checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...