Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
Android
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (0)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
Android Secure Coding Standard
4 By Language
C Coding Language
Unknown Applicability (C Rules/Recomendations)
Page Information
Title:
Unknown Applicability (C Rules/Recomendations)
Author:
Sandy Shrum
May 07, 2015
Last Changed by:
Sandy Shrum
May 07, 2015
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/bNAxBQ
Export As:
Word
·
PDF
Hierarchy
Parent Page
Page:
C Coding Language
Labels
Global Labels (2)
applicability-list
c
Recent Changes
Time
Editor
May 07, 2015 14:15
Sandy Shrum
View Changes
May 07, 2015 11:48
Sandy Shrum
View Changes
May 07, 2015 09:48
Sandy Shrum
View Changes
May 07, 2015 09:46
Sandy Shrum
View Page History
Outgoing Links
External Links (3)
stackoverflow.com/questions/2421826/what
https://www.securecoding.cert.org/confluence/display/seccod…
developer.android.com/guide/practices/verifying-apps-art.ht…
SEI CERT C Coding Standard (86)
Page:
API01-C. Avoid laying out strings in memory directly before sensitive data
Page:
CON38-C. Preserve thread safety and liveness when using condition variables
Page:
FIO19-C. Do not use fseek() and ftell() to compute the size of a regular file
Page:
POS50-C. Declare objects shared between POSIX threads with appropriate storage durations
Page:
CON04-C. Join or detach threads even if their exit status is unimportant
Page:
STR38-C. Do not confuse narrow and wide character strings and functions
Page:
CON36-C. Wrap functions that can spuriously wake up in a loop
Page:
CON31-C. Do not destroy a mutex while it is locked
Page:
CON34-C. Declare objects shared between threads with appropriate storage durations
Page:
CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
Page:
FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
Page:
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
Page:
CON41-C. Wrap functions that can fail spuriously in a loop
Page:
POS39-C. Use the correct byte ordering when transferring data between systems
Page:
FIO02-C. Canonicalize path names originating from tainted sources
Page:
CON03-C. Ensure visibility when accessing shared variables
Page:
POS04-C. Avoid using PTHREAD_MUTEX_NORMAL type mutex locks
Page:
CON07-C. Ensure that compound operations on shared variables are atomic
Page:
FIO20-C. Avoid unintentional truncation when using fgets() or fgetws()
Page:
FIO08-C. Take care when calling remove() on an open file
Page:
STR34-C. Cast characters to unsigned char before converting to larger integer sizes
Page:
POS30-C. Use the readlink() function properly
Page:
FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful
Page:
CON37-C. Do not call signal() in a multithreaded program
Page:
POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
Page:
FIO24-C. Do not open a file that is already open
Page:
CON32-C. Prevent data races when accessing bit-fields from multiple threads
Page:
CON06-C. Ensure that every mutex outlives the data it protects
Page:
void POS33-C. Do not use vfork()
Page:
CON05-C. Do not perform operations that can block while holding a lock
Page:
ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
Page:
FIO11-C. Take care when specifying the mode parameter of fopen()
Page:
POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
Page:
EXP35-C. Do not modify objects with temporary lifetime
Page:
FIO01-C. Be careful using functions that use file names for identification
Page:
FIO17-C. Do not rely on an ending null character when using fread()
Page:
ARR00-C. Understand how arrays work
Page:
CON39-C. Do not join or detach a thread that was previously joined or detached
Page:
CON30-C. Clean up thread-specific storage
Page:
FIO45-C. Avoid TOCTOU race conditions while accessing files
Page:
FIO40-C. Reset strings on fgets() or fgetws() failure
Page:
POS36-C. Observe correct revocation order while relinquishing privileges
Page:
CON02-C. Do not use volatile as a synchronization primitive
Page:
FIO46-C. Do not access a closed file
Page:
CON43-C. Do not allow data races in multithreaded code
Page:
ARR32-C. Ensure size arguments for variable length arrays are in a valid range
Page:
FIO42-C. Close files when they are no longer needed
Page:
POS35-C. Avoid race conditions while checking for the existence of a symbolic link
Page:
FIO21-C. Do not create temporary files in shared directories
Page:
ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
Page:
FIO10-C. Take care when using the rename() function
Page:
FIO32-C. Do not perform operations on devices that are only appropriate for files
Page:
POS52-C. Do not perform operations that can block while holding a POSIX lock
Page:
CON33-C. Avoid race conditions when using library functions
Page:
FIO14-C. Understand the difference between text mode and binary mode with file streams
Page:
POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
Page:
FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
Page:
CON40-C. Do not refer to an atomic variable twice in an expression
Page:
ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
Page:
FIO09-C. Be careful with binary data when transferring data across systems
Page:
FIO05-C. Identify files using multiple file attributes
Page:
POS54-C. Detect and handle POSIX library errors
Page:
FIO18-C. Never expect fwrite() to terminate the writing process at a null character
Page:
POS01-C. Check for the existence of links when dealing with files
Page:
FIO13-C. Never push back anything other than one read character
Page:
FIO06-C. Create files with appropriate access permissions
Page:
ARR39-C. Do not add or subtract a scaled integer to a pointer
Page:
CON08-C. Do not assume that a group of calls to independently atomic methods is atomic
Page:
POS05-C. Limit access to files by creating a jail
Page:
ARR38-C. Guarantee that library functions do not form invalid pointers
Page:
POS48-C. Do not unlock or destroy another POSIX thread's mutex
Page:
POS44-C. Do not use signals to terminate threads
Page:
FIO15-C. Ensure that file operations are performed in a secure directory
Page:
CON09-C. Avoid the ABA problem when using lock-free algorithms
Page:
POS53-C. Do not use more than one mutex for concurrent waiting operations on a condition variable
Page:
FIO22-C. Close files before spawning processes
Page:
CON35-C. Avoid deadlock by locking in a predefined order
Page:
POS38-C. Beware of race conditions when using fork and file descriptors
Page:
FIO38-C. Do not copy a FILE object
Page:
ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer
Page:
POS37-C. Ensure that privilege relinquishment is successful
Page:
POS47-C. Do not use threads that can be canceled asynchronously
Page:
API09-C. Compatible values should have the same type
Page:
INT36-C. Converting a pointer to integer or integer to pointer
Page:
FIO34-C. Distinguish between characters read from a file and EOF or WEOF
Page:
FIO03-C. Do not make assumptions about fopen() and file creation
Overview
Content Tools
{"serverDuration": 168, "requestCorrelationId": "719e4a9c7265188b"}
