Title: Unknown Applicability (C Rules/Recommendations)
Author: Sandy Shrum May 07, 2015
Last Changed by: Sandy Shrum May 07, 2015
Tiny Link: (useful for email) https://wiki.sei.cmu.edu/confluence/x/bNAxBQ
Hierarchy
Parent Page
    Page: C Coding Language
Labels
Global Labels (2)
Outgoing Links
External Links (3)
    stackoverflow.com/questions/2421826/what
    https://www.securecoding.cert.org/confluence/display/seccod…
    developer.android.com/guide/practices/verifying-apps-art.ht…
SEI CERT C Coding Standard (86)
    Page: API01-C. Avoid laying out strings in memory directly before sensitive data
    Page: CON38-C. Preserve thread safety and liveness when using condition variables
    Page: FIO19-C. Do not use fseek() and ftell() to compute the size of a regular file
    Page: CON04-C. Join or detach threads even if their exit status is unimportant
    Page: POS50-C. Declare objects shared between POSIX threads with appropriate storage durations
    Page: STR38-C. Do not confuse narrow and wide character strings and functions
    Page: CON36-C. Wrap functions that can spuriously wake up in a loop
    Page: CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
    Page: CON31-C. Do not destroy a mutex while it is locked
    Page: CON34-C. Declare objects shared between threads with appropriate storage durations
    Page: ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
    Page: FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
    Page: CON41-C. Wrap functions that can fail spuriously in a loop
    Page: POS39-C. Use the correct byte ordering when transferring data between systems
    Page: FIO02-C. Canonicalize path names originating from tainted sources
    Page: POS04-C. Avoid using PTHREAD_MUTEX_NORMAL type mutex locks
    Page: CON03-C. Ensure visibility when accessing shared variables
    Page: CON07-C. Ensure that compound operations on shared variables are atomic
    Page: FIO20-C. Avoid unintentional truncation when using fgets() or fgetws()
    Page: FIO08-C. Take care when calling remove() on an open file
    Page: STR34-C. Cast characters to unsigned char before converting to larger integer sizes
    Page: POS30-C. Use the readlink() function properly
    Page: FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful
    Page: CON37-C. Do not call signal() in a multithreaded program
    Page: POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
    Page: FIO24-C. Do not open a file that is already open
    Page: CON32-C. Prevent data races when accessing bit-fields from multiple threads
    Page: CON06-C. Ensure that every mutex outlives the data it protects
    Page: CON05-C. Do not perform operations that can block while holding a lock
    Page: ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
    Page: FIO11-C. Take care when specifying the mode parameter of fopen()
    Page: POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
    Page: EXP35-C. Do not modify objects with temporary lifetime
    Page: FIO01-C. Be careful using functions that use file names for identification
    Page: FIO17-C. Do not rely on an ending null character when using fread()
    Page: ARR00-C. Understand how arrays work
    Page: CON39-C. Do not join or detach a thread that was previously joined or detached
    Page: CON30-C. Clean up thread-specific storage
    Page: FIO45-C. Avoid TOCTOU race conditions while accessing files
    Page: FIO40-C. Reset strings on fgets() or fgetws() failure
    Page: POS36-C. Observe correct revocation order while relinquishing privileges
    Page: CON02-C. Do not use volatile as a synchronization primitive
    Page: FIO46-C. Do not access a closed file
    Page: CON43-C. Do not allow data races in multithreaded code
    Page: ARR32-C. Ensure size arguments for variable length arrays are in a valid range
    Page: POS35-C. Avoid race conditions while checking for the existence of a symbolic link
    Page: FIO21-C. Do not create temporary files in shared directories
    Page: FIO42-C. Close files when they are no longer needed
    Page: ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
    Page: FIO10-C. Take care when using the rename() function
    Page: POS52-C. Do not perform operations that can block while holding a POSIX lock
    Page: FIO32-C. Do not perform operations on devices that are only appropriate for files
    Page: CON33-C. Avoid race conditions when using library functions
    Page: FIO14-C. Understand the difference between text mode and binary mode with file streams
    Page: POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
    Page: FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
    Page: CON40-C. Do not refer to an atomic variable twice in an expression
    Page: ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
    Page: FIO09-C. Be careful with binary data when transferring data across systems
    Page: FIO05-C. Identify files using multiple file attributes
    Page: POS54-C. Detect and handle POSIX library errors
    Page: FIO18-C. Never expect fwrite() to terminate the writing process at a null character
    Page: POS01-C. Check for the existence of links when dealing with files
    Page: FIO13-C. Never push back anything other than one read character
    Page: FIO06-C. Create files with appropriate access permissions
    Page: ARR39-C. Do not add or subtract a scaled integer to a pointer
    Page: CON08-C. Do not assume that a group of calls to independently atomic methods is atomic
    Page: POS05-C. Limit access to files by creating a jail
    Page: ARR38-C. Guarantee that library functions do not form invalid pointers
    Page: POS48-C. Do not unlock or destroy another POSIX thread's mutex
    Page: POS44-C. Do not use signals to terminate threads
    Page: FIO15-C. Ensure that file operations are performed in a secure directory
    Page: CON09-C. Avoid the ABA problem when using lock-free algorithms
    Page: POS53-C. Do not use more than one mutex for concurrent waiting operations on a condition variable
    Page: FIO22-C. Close files before spawning processes
    Page: CON35-C. Avoid deadlock by locking in a predefined order
    Page: POS33-C. Do not use vfork()
    Page: POS38-C. Beware of race conditions when using fork and file descriptors
    Page: FIO38-C. Do not copy a FILE object
    Page: ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer
    Page: POS37-C. Ensure that privilege relinquishment is successful
    Page: POS47-C. Do not use threads that can be canceled asynchronously
    Page: API09-C. Compatible values should have the same type
    Page: INT36-C. Converting a pointer to integer or integer to pointer
    Page: FIO34-C. Distinguish between characters read from a file and EOF or WEOF
    Page: FIO03-C. Do not make assumptions about fopen() and file creation