...

The following sections examine specific operations that are susceptible to unsigned integer wrap. When operating on small integer types (smaller than int), integer promotions are applied. The usual arithmetic conversions may also be applied to (implicitly) convert operands to equivalent types before arithmetic operations are performed. Make sure you understand implicit integer conversion rules before trying to implement secure arithmetic operations (see INT02-A. Understand integer conversion rules).

...

Non-Compliant Code Example

This non-compliant code example may result in an unsigned integer wrap during the addition of the unsigned operands ui1 and ui2. If this behavior is unexpected, the resulting value may be used to allocate insufficient memory for a subsequent operation or in some other manner that could lead to an exploitable vulnerability.

...

Non-Compliant Code Example

This non-compliant code example may result in an unsigned integer wrap during the subtraction of the unsigned operands ui1 and ui2. If this behavior is unanticipated, it may lead to an exploitable vulnerability.
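The precondition tests for the addition and subtraction cases described in the two examples above, together with the integer-promotion caveat from the introduction, written out as an added example (this is not code from the CERT page); the function names and the sample operand values are assumptions chosen for illustration:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not code from the CERT page. Unsigned arithmetic never
 * traps; it reduces the result modulo UINT_MAX + 1, so the only way to
 * detect a wrap is to test the operands before the operation is performed. */

/* true when ui1 + ui2 would exceed UINT_MAX and wrap */
bool uint_add_wraps(unsigned int ui1, unsigned int ui2) {
    return UINT_MAX - ui1 < ui2;
}

/* true when ui1 - ui2 would go below zero and wrap */
bool uint_sub_wraps(unsigned int ui1, unsigned int ui2) {
    return ui1 < ui2;
}

/* What the unchecked operations actually yield (for illustration only) */
unsigned int unchecked_add(unsigned int ui1, unsigned int ui2) { return ui1 + ui2; }
unsigned int unchecked_sub(unsigned int ui1, unsigned int ui2) { return ui1 - ui2; }

/* Promotion caveat: operands narrower than int are promoted to int first,
 * so a + b is computed without wrap; the reduction happens only when the
 * int result is converted back to unsigned char. */
int uchar_sum_promoted(unsigned char a, unsigned char b) {
    return a + b;                 /* computed as int, e.g. 250 + 10 == 260 */
}
unsigned char uchar_sum_stored(unsigned char a, unsigned char b) {
    unsigned char sum = a + b;    /* 260 converted to unsigned char == 4 */
    return sum;
}

int main(void) {
    unsigned int ui1 = UINT_MAX - 5u, ui2 = 10u;   /* constructed sample operands */
    if (uint_add_wraps(ui1, ui2)) {
        printf("ui1 + ui2 would wrap (unchecked result: %u)\n", unchecked_add(ui1, ui2));
    }
    if (uint_sub_wraps(3u, 7u)) {
        printf("3 - 7 would wrap (unchecked result: %u)\n", unchecked_sub(3u, 7u));
    }
    printf("promoted sum: %d, stored sum: %u\n",
           uchar_sum_promoted(250, 10), uchar_sum_stored(250, 10));
    return 0;
}
```

Note that the unsigned char case reports no wrap in the addition itself; the truncation happens at the store, which is why the promotion rules have to be understood before a check is written.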

...

pen->num_vertices =
  _cairo_pen_vertices_needed(
    gstate->tolerance,
    radius,
    &gstate->ctm
  );
pen->vertices = malloc(
  pen->num_vertices * sizeof(cairo_pen_vertex_t)
);

The unsigned integer wrap can result in allocating memory of insufficient size.

...

pen->num_vertices =
  _cairo_pen_vertices_needed(
    gstate->tolerance,
    radius,
    &gstate->ctm
  );

if (pen->num_vertices > SIZE_MAX/sizeof(cairo_pen_vertex_t)) {
   /* handle error condition */
}
pen->vertices = malloc(
  pen->num_vertices * sizeof(cairo_pen_vertex_t)
);
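The multiplication check from the compliant solution above, packaged as a reusable allocator so the wrapped product can be seen next to the rejected allocation. This is an added example, not cairo's code or the CERT page's; the names mul_size_wraps, unchecked_product, alloc_array and the vertex_t stand-in for cairo_pen_vertex_t are assumptions for illustration:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not cairo's code: the SIZE_MAX / sizeof(...) test used
 * in the compliant solution, generalised to any element count and size. */

/* true when count * elem_size would exceed SIZE_MAX and wrap */
bool mul_size_wraps(size_t count, size_t elem_size) {
    return elem_size != 0 && count > SIZE_MAX / elem_size;
}

/* The product as size_t arithmetic actually yields it (wraps silently). */
size_t unchecked_product(size_t count, size_t elem_size) {
    return count * elem_size;
}

/* Allocates count elements of elem_size bytes, or returns NULL if the byte
 * count cannot be represented. Without the check, the wrapped product would
 * allocate a buffer far smaller than the caller goes on to index. */
void *alloc_array(size_t count, size_t elem_size) {
    if (mul_size_wraps(count, elem_size)) {
        return NULL;
    }
    return malloc(count * elem_size);
}

/* Stand-in for cairo_pen_vertex_t, constructed for this example. */
typedef struct { double x, y; } vertex_t;

int main(void) {
    size_t huge = SIZE_MAX / sizeof(vertex_t) + 1;   /* one element too many */
    printf("unchecked product for %zu vertices: %zu bytes\n",
           huge, unchecked_product(huge, sizeof(vertex_t)));

    vertex_t *v = alloc_array(huge, sizeof(vertex_t));
    printf("alloc_array(huge): %s\n",
           v ? "allocated (unexpected)" : "NULL (wrap detected)");
    free(v);

    v = alloc_array(4, sizeof(vertex_t));
    if (v != NULL) {
        puts("alloc_array(4): allocated 4 vertices");
        free(v);
    }
    return 0;
}
```

Dividing SIZE_MAX by the element size rather than multiplying keeps the check itself free of wrap; the division is exact enough because any count above the quotient produces a product larger than SIZE_MAX.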

Left Shift Operator

...

Fortify SCA Version 5.0 with the CERT C Rule Pack is able to detect violations of this rule.

...


...