Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT C Coding Standard
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (0)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
SEI CERT C Coding Standard
4 Back Matter
EE. Analyzers
Security Reviewer - Static Reviewer
Page Information
Title:
Security Reviewer - Static Reviewer
Author:
Francesco Mariani
Jun 30, 2025
Last Changed by:
David Svoboda
Aug 13, 2025
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/A4B1Iw
Export As:
Word
·
PDF
Incoming Links
SEI CERT C Coding Standard (83)
Page:
MSC21-C. Use robust loop termination conditions
Page:
INT02-C. Understand integer conversion rules
Page:
DCL01-C. Do not reuse variable names in subscopes
Page:
MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
Page:
PRE04-C. Do not reuse a standard header file name
Page:
ARR32-C. Ensure size arguments for variable length arrays are in a valid range
Page:
STR05-C. Use pointers to const when referring to string literals
Page:
ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
Page:
MSC09-C. Character encoding: Use subset of ASCII for safety
Page:
ERR05-C. Application-independent code should provide error detection without dictating error handling
Page:
EXP19-C. Use braces for the body of an if, for, or while statement
Page:
FLP03-C. Detect and handle floating-point errors
Page:
MSC24-C. Do not use deprecated or obsolescent functions
Page:
DCL03-C. Use a static assertion to test the value of a constant expression
Page:
MSC12-C. Detect and remove code that has no effect or is never executed
Page:
EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int
Page:
API04-C. Provide a consistent and usable error-checking mechanism
Page:
MEM33-C. Allocate and copy structures containing a flexible array member dynamically
Page:
PRE13-C. Use the Standard predefined macros to test for versions and features.
Page:
EXP09-C. Use sizeof to determine the size of a type or variable
Page:
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
Page:
DCL13-C. Declare function parameters that are pointers to values not changed by the function as const
Page:
WIN02-C. Restrict privileges when spawning child processes
Page:
EXP46-C. Do not use a bitwise operator with a Boolean-like operand
Page:
INT01-C. Use size_t or rsize_t for all integer values representing the size of an object
Page:
FIO47-C. Use valid format strings
Page:
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
Page:
CON40-C. Do not refer to an atomic variable twice in an expression
Page:
EXP30-C. Do not depend on the order of evaluation for side effects
Page:
EXP36-C. Do not cast pointers into more strictly aligned pointer types
Page:
MSC37-C. Ensure that control never reaches the end of a non-void function
Page:
POS01-C. Check for the existence of links when dealing with files
Page:
STR38-C. Do not confuse narrow and wide character strings and functions
Page:
ERR04-C. Choose an appropriate termination strategy
Page:
MEM30-C. Do not access freed memory
Page:
PRE31-C. Avoid side effects in arguments to unsafe macros
Page:
CON02-C. Do not use volatile as a synchronization primitive
Page:
INT32-C. Ensure that operations on signed integers do not result in overflow
Page:
MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value
Page:
INT08-C. Verify that all integer values are in range
Page:
FIO42-C. Close files when they are no longer needed
Page:
DCL30-C. Declare objects with appropriate storage durations
Page:
MSC41-C. Never hard code sensitive information
Page:
FLP34-C. Ensure that floating-point conversions are within range of the new type
Page:
EXP08-C. Ensure pointer arithmetic is used correctly
Page:
EXP33-C. Do not read uninitialized memory
Page:
EXP47-C. Do not call va_arg with an argument of the incorrect type
Page:
FIO21-C. Do not create temporary files in shared directories
Page:
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
Page:
EXP00-C. Use parentheses for precedence of operation
Page:
INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
Page:
STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
Page:
CON05-C. Do not perform operations that can block while holding a lock
Page:
ERR32-C. Do not rely on indeterminate values of errno
Page:
PRE30-C. Do not create a universal character name through concatenation
Page:
MSC11-C. Incorporate diagnostic tests using assertions
Page:
STR37-C. Arguments to character-handling functions must be representable as an unsigned char
Page:
DCL31-C. Declare identifiers before using them
Page:
FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
Page:
INT36-C. Converting a pointer to integer or integer to pointer
Page:
INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
Page:
EXP40-C. Do not modify constant objects
Page:
MEM03-C. Clear sensitive information stored in reusable resources
Page:
POS52-C. Do not perform operations that can block while holding a POSIX lock
Page:
ARR38-C. Guarantee that library functions do not form invalid pointers
Page:
MEM04-C. Beware of zero-length allocations
Page:
MEM31-C. Free dynamically allocated memory when no longer needed
Page:
MSC07-C. Detect and remove dead code
Page:
MEM05-C. Avoid large stack allocations
Page:
MEM34-C. Only free memory allocated dynamically
Page:
MEM35-C. Allocate sufficient memory for an object
Page:
MEM10-C. Define and use a pointer validation function
Page:
MSC20-C. Do not use a switch statement to transfer control into a complex block
Page:
MSC25-C. Do not use insecure or weak cryptographic algorithms
Page:
MSC01-C. Strive for logical completeness
Page:
MSC30-C. Do not use the rand() function for generating pseudorandom numbers
Page:
DCL39-C. Avoid information leakage when passing a structure across a trust boundary
Page:
DCL40-C. Do not create incompatible declarations of the same function or object
Page:
EXP34-C. Do not dereference null pointers
Page:
ENV30-C. Do not modify the object referenced by the return value of certain functions
Page:
EXP37-C. Call functions with the correct number and type of arguments
Page:
MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
Page:
EXP12-C. Do not ignore values returned by functions
Hierarchy
Parent Page
Page:
EE. Analyzers
Labels
Global Labels (1)
analyzer
Recent Changes
Time
Editor
Aug 13, 2025 05:51
David Svoboda
View Changes
Aug 06, 2025 17:31
David Svoboda
View Changes
Jul 24, 2025 13:31
David Svoboda
View Changes
Jul 02, 2025 05:53
Francesco Mariani
View Changes
Jun 30, 2025 06:24
Francesco Mariani
View Page History
Outgoing Links
External Links (42)
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
SEI CERT C Coding Standard (1)
Page:
Security Reviewer - Static Reviewer_V
Overview
Content Tools
{"serverDuration": 132, "requestCorrelationId": "d2ef8c347c83146e"}
