Title: Security Reviewer - Static Reviewer_V  
Author: Francesco Mariani Jul 02, 2025
Last Changed by: Francesco Mariani Jul 15, 2025
Incoming Links
SEI CERT C Coding Standard (72)
    Page: MEM34-C. Only free memory allocated dynamically
    Page: FIO42-C. Close files when they are no longer needed
    Page: DCL40-C. Do not create incompatible declarations of the same function or object
    Page: EXP12-C. Do not ignore values returned by functions
    Page: FLP34-C. Ensure that floating-point conversions are within range of the new type
    Page: INT08-C. Verify that all integer values are in range
    Page: MSC37-C. Ensure that control never reaches the end of a non-void function
    Page: ERR04-C. Choose an appropriate termination strategy
    Page: EXP34-C. Do not dereference null pointers
    Page: EXP37-C. Call functions with the correct number and type of arguments
    Page: INT01-C. Use size_t or rsize_t for all integer values representing the size of an object
    Page: MSC11-C. Incorporate diagnostic tests using assertions
    Page: EXP36-C. Do not cast pointers into more strictly aligned pointer types
    Page: POS01-C. Check for the existence of links when dealing with files
    Page: MEM10-C. Define and use a pointer validation function
    Page: EXP40-C. Do not modify constant objects
    Page: EXP00-C. Use parentheses for precedence of operation
    Page: MEM30-C. Do not access freed memory
    Page: PRE31-C. Avoid side effects in arguments to unsafe macros
    Page: INT32-C. Ensure that operations on signed integers do not result in overflow
    Page: MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value
    Page: STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
    Page: ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
    Page: POS52-C. Do not perform operations that can block while holding a POSIX lock
    Page: DCL31-C. Declare identifiers before using them
    Page: EXP09-C. Use sizeof to determine the size of a type or variable
    Page: EXP46-C. Do not use a bitwise operator with a Boolean-like operand
    Page: MSC09-C. Character encoding: Use subset of ASCII for safety
    Page: EXP08-C. Ensure pointer arithmetic is used correctly
    Page: PRE30-C. Do not create a universal character name through concatenation
    Page: ERR32-C. Do not rely on indeterminate values of errno
    Page: EXP19-C. Use braces for the body of an if, for, or while statement
    Page: INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
    Page: MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
    Page: MEM33-C. Allocate and copy structures containing a flexible array member dynamically
    Page: EXP47-C. Do not call va_arg with an argument of the incorrect type
    Page: PRE04-C. Do not reuse a standard header file name
    Page: MSC41-C. Never hard code sensitive information
    Page: EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int
    Page: MSC30-C. Do not use the rand() function for generating pseudorandom numbers
    Page: MSC12-C. Detect and remove code that has no effect or is never executed
    Page: ERR05-C. Application-independent code should provide error detection without dictating error handling
    Page: INT02-C. Understand integer conversion rules
    Page: MSC07-C. Detect and remove dead code
    Page: MSC25-C. Do not use insecure or weak cryptographic algorithms
    Page: STR38-C. Do not confuse narrow and wide character strings and functions
    Page: DCL39-C. Avoid information leakage when passing a structure across a trust boundary
    Page: FIO47-C. Use valid format strings
    Page: MSC21-C. Use robust loop termination conditions
    Page: EXP30-C. Do not depend on the order of evaluation for side effects
    Page: INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
    Page: Security Reviewer - Static Reviewer
    Page: MEM35-C. Allocate sufficient memory for an object
    Page: MSC20-C. Do not use a switch statement to transfer control into a complex block
    Page: MSC01-C. Strive for logical completeness
    Page: MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
    Page: WIN02-C. Restrict privileges when spawning child processes
    Page: ENV30-C. Do not modify the object referenced by the return value of certain functions
    Page: MEM31-C. Free dynamically allocated memory when no longer needed
    Page: STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
    Page: STR37-C. Arguments to character-handling functions must be representable as an unsigned char
    Page: FIO21-C. Do not create temporary files in shared directories
    Page: FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
    Page: MEM05-C. Avoid large stack allocations
    Page: PRE13-C. Use the Standard predefined macros to test for versions and features.
    Page: STR05-C. Use pointers to const when referring to string literals
    Page: MEM03-C. Clear sensitive information stored in reusable resources
    Page: MEM04-C. Beware of zero-length allocations
    Page: FLP03-C. Detect and handle floating-point errors
    Page: MSC24-C. Do not use deprecated or obsolescent functions
    Page: INT36-C. Converting a pointer to integer or integer to pointer
    Page: INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
Hierarchy
Parent Page
    Page: EE. Analyzers