This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

Tool Version: 2025.2

Checker Guideline

ABV.ANY_SIZE_ARRAY ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ABV.ANY_SIZE_ARRAY ARR00-C. Understand how arrays work
ABV.ANY_SIZE_ARRAY ENV01-C. Do not make assumptions about the size of an environment variable
ABV.GENERAL ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ABV.GENERAL ARR38-C. Guarantee that library functions do not form invalid pointers
ABV.GENERAL POS30-C. Use the readlink() function properly
ABV.GENERAL ARR00-C. Understand how arrays work
ABV.GENERAL ENV01-C. Do not make assumptions about the size of an environment variable
ABV.GENERAL EXP08-C. Ensure pointer arithmetic is used correctly
ABV.GENERAL.MULTIDIMENSION ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ABV.GENERAL.MULTIDIMENSION ARR38-C. Guarantee that library functions do not form invalid pointers
ABV.GENERAL.MULTIDIMENSION POS30-C. Use the readlink() function properly
ABV.GENERAL.MULTIDIMENSION ARR00-C. Understand how arrays work
ABV.GENERAL.MULTIDIMENSION ENV01-C. Do not make assumptions about the size of an environment variable
ABV.GENERAL.MULTIDIMENSION EXP08-C. Ensure pointer arithmetic is used correctly
ABV.ITERATOR ARR00-C. Understand how arrays work
ABV.ITERATOR ENV01-C. Do not make assumptions about the size of an environment variable
ABV.ITERATOR EXP08-C. Ensure pointer arithmetic is used correctly
ABV.MEMBER ARR00-C. Understand how arrays work
ABV.MEMBER ENV01-C. Do not make assumptions about the size of an environment variable
ABV.STACK ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ABV.STACK ARR00-C. Understand how arrays work
ABV.STACK ENV01-C. Do not make assumptions about the size of an environment variable
ABV.TAINTED ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ABV.TAINTED ARR00-C. Understand how arrays work
ABV.TAINTED ENV01-C. Do not make assumptions about the size of an environment variable
ABV.UNICODE.BOUND_MAP ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ABV.UNICODE.BOUND_MAP ARR00-C. Understand how arrays work
ABV.UNICODE.BOUND_MAP ENV01-C. Do not make assumptions about the size of an environment variable
ABV.UNICODE.FAILED_MAP ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ABV.UNICODE.FAILED_MAP ARR00-C. Understand how arrays work
ABV.UNICODE.FAILED_MAP ENV01-C. Do not make assumptions about the size of an environment variable
ABV.UNICODE.NNTS_MAP ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ABV.UNICODE.NNTS_MAP ARR00-C. Understand how arrays work
ABV.UNICODE.NNTS_MAP ENV01-C. Do not make assumptions about the size of an environment variable
ABV.UNICODE.SELF_MAP ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ABV.UNICODE.SELF_MAP ARR00-C. Understand how arrays work
ABV.UNICODE.SELF_MAP ENV01-C. Do not make assumptions about the size of an environment variable
ABV.UNKNOWN_SIZE ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ABV.UNKNOWN_SIZE ARR00-C. Understand how arrays work
ABV.UNKNOWN_SIZE ENV01-C. Do not make assumptions about the size of an environment variable
ASSIGCOND.CALL EXP45-C. Do not perform assignments in selection statements
ASSIGCOND.GEN EXP45-C. Do not perform assignments in selection statements
AUTOSAR.STDLIB.CCTYPE.UCHAR STR37-C. Arguments to character-handling functions must be representable as an unsigned char
AUTOSAR.STDLIB.MEMORY MEM36-C. Do not modify the alignment of objects by calling realloc()
BYTEORDER.HTON.SEND POS39-C. Use the correct byte ordering when transferring data between systems
BYTEORDER.HTON.WRITE POS39-C. Use the correct byte ordering when transferring data between systems
BYTEORDER.NTOH.READ POS39-C. Use the correct byte ordering when transferring data between systems
BYTEORDER.NTOH.RECV POS39-C. Use the correct byte ordering when transferring data between systems
CERT.CONC.ATOMIC_COMP_FAIL_IN_LOOP CON41-C. Wrap functions that can fail spuriously in a loop
CERT.CONC.ATOMIC_TWICE_EXPR CON40-C. Do not refer to an atomic variable twice in an expression
CERT.CONC.LIB_FUNC_USE CON33-C. Avoid race conditions when using library functions
CERT.CONC.UNSAFE_COND_VAR_C CON38-C. Preserve thread safety and liveness when using condition variables
CERT.CONC.WAKE_IN_LOOP_C CON36-C. Wrap functions that can spuriously wake up in a loop
CERT.DCL.SWITCH.VAR_BEFORE_CASE DCL41-C. Do not declare variables inside a switch statement before the first case label
CERT.ERR.CONV.STR_TO_NUM ERR34-C. Detect errors when converting a string to a number
CERT.EXIT.HANDLER_TERMINATE ENV32-C. All exit handlers must return normally
CERT.EXPR.PARENS EXP00-C. Use parentheses for precedence of operation
CERT.EXPR.VOLATILE.ADDR EXP32-C. Do not access a volatile object through a nonvolatile reference
CERT.EXPR.VOLATILE.ADDR.PARAM EXP32-C. Do not access a volatile object through a nonvolatile reference
CERT.EXPR.VOLATILE.PTRPTR EXP32-C. Do not access a volatile object through a nonvolatile reference
CERT.FIO.NO_FLUSH FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
CERT.FSETPOS.VALUE FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
CERT.MEMCMP.FLOAT_MEMBER FLP37-C. Do not use object representations to compare floating-point values
CERT.MSC.ASCTIME MSC33-C. Do not pass invalid data to the asctime() function
CERT.MSC.SEED_RANDOM MSC32-C. Properly seed pseudorandom number generators
CERT.MSC.STD_RAND_CALL MSC30-C. Do not use the rand() function for generating pseudorandom numbers
CERT.POS.THREAD.ASYNC_CANCEL POS47-C. Do not use threads that can be canceled asynchronously
CERT.PUTENV.AUTO_VARIABLE POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
CERT.STDLIB.SIGNAL SIG35-C. Do not return from a computational exception signal handler
CERT.STR.ARG.CONST_TO_NONCONST STR30-C. Do not attempt to modify string literals
CERT.STR.ASSIGN.CONST_TO_NONCONST STR30-C. Do not attempt to modify string literals
CERT.STR.ASSIGN.CONST_TO_NONCONST POS35-C. Avoid race conditions while checking for the existence of a symbolic link
CERT.STRUCT.FLEXIBLE_ARRAY_MEMBER DCL38-C. Use the correct syntax when declaring a flexible array member
CERT.VA_ARG.TYPE EXP47-C. Do not call va_arg with an argument of the incorrect type
CL.FFM.ASSIGN MEM31-C. Free dynamically allocated memory when no longer needed
CL.FFM.COPY MEM31-C. Free dynamically allocated memory when no longer needed
CL.SHALLOW.ASSIGN MEM31-C. Free dynamically allocated memory when no longer needed
CL.SHALLOW.COPY MEM31-C. Free dynamically allocated memory when no longer needed
CONC.DL CON35-C. Avoid deadlock by locking in a predefined order
CONC.DL POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
CONC.NO_UNLOCK CON35-C. Avoid deadlock by locking in a predefined order
CONC.NO_UNLOCK POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
CONC.SLEEP POS52-C. Do not perform operations that can block while holding a POSIX lock
CONC.SLEEP CON05-C. Do not perform operations that can block while holding a lock
CWARN.CMPCHR.EOF FIO34-C. Distinguish between characters read from a file and EOF or WEOF
CWARN.EMPTY.LABEL MSC01-C. Strive for logical completeness
CWARN.FUNCADDR EXP16-C. Do not compare function pointers to constant values
CWARN.IMPLICITINT DCL31-C. Declare identifiers before using them
CWARN.MEMSET.SIZEOF.PTR ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
CWARN.NOEFFECT.OUTOFRANGE INT30-C. Ensure that unsigned integer operations do not wrap
CWARN.NOEFFECT.OUTOFRANGE INT32-C. Ensure that operations on signed integers do not result in overflow
CWARN.NOEFFECT.SELF_ASSIGN MSC12-C. Detect and remove code that has no effect or is never executed
CWARN.NOEFFECT.UCMP.GE MSC12-C. Detect and remove code that has no effect or is never executed
CWARN.NOEFFECT.UCMP.GE.MACRO MSC12-C. Detect and remove code that has no effect or is never executed
CWARN.NOEFFECT.UCMP.LT MSC12-C. Detect and remove code that has no effect or is never executed
CWARN.NOEFFECT.UCMP.LT.MACRO MSC12-C. Detect and remove code that has no effect or is never executed
CWARN.NULLCHECK.FUNCNAME EXP16-C. Do not compare function pointers to constant values
CWARN.NULLCHECK.FUNCNAME MSC12-C. Detect and remove code that has no effect or is never executed
CXX.CAST.SIGNED_CHAR_TO_INTEGER STR34-C. Cast characters to unsigned char before converting to larger integer sizes
CXX.DIFF.WIDTH.STR_AND_FUNC STR38-C. Do not confuse narrow and wide character strings and functions
CXX.ERRNO.INCORRECTLY_CHECKED ERR30-C. Take care when reading errno
CXX.ERRNO.NOT_CHECKED ERR30-C. Take care when reading errno
CXX.ERRNO.NOT_SET ERR30-C. Take care when reading errno
CXX.ID_VIS.GLOBAL_VARIABLE.EXTERN DCL19-C. Minimize the scope of variables and functions
CXX.ID_VIS.GLOBAL_VARIABLE.STATIC DCL19-C. Minimize the scope of variables and functions
DBZ.CONST INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
DBZ.CONST.CALL INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
DBZ.GENERAL INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
DBZ.ITERATOR INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
DBZ.ITERATOR.CALL INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
EFFECT MSC12-C. Detect and remove code that has no effect or is never executed
FMM.MIGHT MEM31-C. Free dynamically allocated memory when no longer needed
FMM.MIGHT WIN30-C. Properly pair allocation and deallocation functions
FMM.MUST MEM31-C. Free dynamically allocated memory when no longer needed
FMM.MUST WIN30-C. Properly pair allocation and deallocation functions
FNH.MIGHT MEM34-C. Only free memory allocated dynamically
FNH.MIGHT MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
FNH.MUST MEM34-C. Only free memory allocated dynamically
FNH.MUST MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
FREE.INCONSISTENT MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
FUM.GEN.MIGHT MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
FUM.GEN.MUST MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
FUNCRET.GEN MSC37-C. Ensure that control never reaches the end of a non-void function
FUNCRET.IMPLICIT MSC37-C. Ensure that control never reaches the end of a non-void function
HCC MSC41-C. Never hard code sensitive information
HCC.PWD MSC41-C. Never hard code sensitive information
HCC.USER MSC41-C. Never hard code sensitive information
INCORRECT.ALLOC_SIZE MEM35-C. Allocate sufficient memory for an object
INFINITE_LOOP.GLOBAL MSC01-C. Strive for logical completeness
INFINITE_LOOP.LOCAL MSC01-C. Strive for logical completeness
INFINITE_LOOP.MACRO MSC01-C. Strive for logical completeness
INVARIANT_CONDITION.UNREACH MSC07-C. Detect and remove dead code
INVARIANT_CONDITION.UNREACH MSC12-C. Detect and remove code that has no effect or is never executed
LA_UNUSED MSC01-C. Strive for logical completeness
LA_UNUSED MSC07-C. Detect and remove dead code
LA_UNUSED MSC12-C. Detect and remove code that has no effect or is never executed
LOCRET.ARG DCL30-C. Declare objects with appropriate storage durations
LOCRET.GLOB DCL30-C. Declare objects with appropriate storage durations
LOCRET.RET DCL30-C. Declare objects with appropriate storage durations
LV_UNUSED.GEN MSC13-C. Detect and remove unused values
MISRA.ARRAY.VAR_LENGTH.2012 ARR32-C. Ensure size arguments for variable length arrays are in a valid range
MISRA.ASSIGN.COND EXP45-C. Do not perform assignments in selection statements
MISRA.BITFIELD.TYPE INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression
MISRA.BITS.NOT_UNSIGNED INT13-C. Use bitwise operators only on unsigned operands
MISRA.BITS.NOT_UNSIGNED.PREP INT13-C. Use bitwise operators only on unsigned operands
MISRA.CAST.FLOAT.INT FLP34-C. Ensure that floating-point conversions are within range of the new type
MISRA.CAST.FLOAT.WIDER FLP34-C. Ensure that floating-point conversions are within range of the new type
MISRA.CAST.FUNC_PTR.2012 EXP39-C. Do not access a variable through a pointer of an incompatible type
MISRA.CAST.FUNC_PTR.2012 DCL07-C. Include the appropriate type information in function declarators
MISRA.CAST.INCOMPLETE_PTR_TO_ANY.2012 EXP39-C. Do not access a variable through a pointer of an incompatible type
MISRA.CAST.INT INT02-C. Understand integer conversion rules
MISRA.CAST.INT_FLOAT FLP34-C. Ensure that floating-point conversions are within range of the new type
MISRA.CAST.OBJ_PTR_TO_INT.2012 INT36-C. Converting a pointer to integer or integer to pointer
MISRA.CAST.OBJ_PTR_TO_NON_INT.2012 EXP39-C. Do not access a variable through a pointer of an incompatible type
MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012 EXP36-C. Do not cast pointers into more strictly aligned pointer types
MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012 EXP39-C. Do not access a variable through a pointer of an incompatible type
MISRA.CAST.UNSIGNED_BITS INT02-C. Understand integer conversion rules
MISRA.CONV.FLOAT FLP34-C. Ensure that floating-point conversions are within range of the new type
MISRA.CONV.INT.SIGN INT02-C. Understand integer conversion rules
MISRA.CVALUE.IMPL.CAST INT02-C. Understand integer conversion rules
MISRA.DECL.NO_TYPE DCL31-C. Declare identifiers before using them
MISRA.DEFINE.BADEXP PRE02-C. Macro replacement lists should be parenthesized
MISRA.DEFINE.BADEXP PRE10-C. Wrap multistatement macros in a do-while loop
MISRA.DEFINE.FUNC PRE00-C. Prefer inline or static functions to function-like macros
MISRA.DEFINE.NOPARS PRE01-C. Use parentheses within macros around parameter names
MISRA.DEFINE.SHARP PRE30-C. Do not create a universal character name through concatenation
MISRA.DEFINE.SHARP.ORDER.2012 PRE05-C. Understand macro replacement when concatenating tokens or performing stringification
MISRA.DEFINE.WRONGNAME.UNDERSCORE DCL37-C. Do not declare or define a reserved identifier
MISRA.ENUM.IMPLICIT.VAL.NON_UNIQUE.2012 INT09-C. Ensure enumeration constants map to unique values
MISRA.ETYPE.ASSIGN.2012 STR37-C. Arguments to character-handling functions must be representable as an unsigned char
MISRA.EXPANSION.DIRECTIVE PRE32-C. Do not use preprocessor directives in invocations of function-like macros
MISRA.FILE_PTR.DEREF.2012 FIO38-C. Do not copy a FILE object
MISRA.FILE_PTR.DEREF.CAST.2012 FIO38-C. Do not copy a FILE object
MISRA.FILE_PTR.DEREF.INDIRECT.2012 FIO38-C. Do not copy a FILE object
MISRA.FILE_PTR.DEREF.RETURN.2012 FIO38-C. Do not copy a FILE object
MISRA.FOR.COUNTER.FLT FLP30-C. Do not use floating-point variables as loop counters
MISRA.FUNC.NO_PARAMS DCL20-C. Explicitly specify void when a function accepts no arguments
MISRA.FUNC.NOPROT.CALL DCL31-C. Declare identifiers before using them
MISRA.FUNC.NOPROT.DEF DCL07-C. Include the appropriate type information in function declarators
MISRA.FUNC.NOPROT.DEF.2012 DCL40-C. Do not create incompatible declarations of the same function or object
MISRA.FUNC.PARAMS.IDENT DCL40-C. Do not create incompatible declarations of the same function or object
MISRA.FUNC.PROT_FORM.KR.2012 DCL07-C. Include the appropriate type information in function declarators
MISRA.FUNC.RECUR MEM05-C. Avoid large stack allocations
MISRA.FUNC.STATIC.REDECL DCL36-C. Do not declare an identifier with conflicting linkage classifications
MISRA.FUNC.STATIC.REDECL MSC40-C. Do not violate constraints
MISRA.FUNC.UNMATCHED.PARAMS EXP37-C. Call functions with the correct number and type of arguments
MISRA.FUNC.UNUSEDRET.2012 EXP12-C. Do not ignore values returned by functions
MISRA.FUNC.VARARG DCL11-C. Understand the type issues associated with variadic functions
MISRA.IDENT.DISTINCT.C99.2012 DCL23-C. Guarantee that mutually visible identifiers are unique
MISRA.IF.NO_COMPOUND EXP19-C. Use braces for the body of an if, for, or while statement
MISRA.IF.NO_ELSE MSC01-C. Strive for logical completeness
MISRA.INCGUARD PRE06-C. Enclose header files in an include guard
MISRA.INCL.SIGNAL.2012 ERR32-C. Do not rely on indeterminate values of errno
MISRA.INCL.SIGNAL.2012 POS44-C. Do not use signals to terminate threads
MISRA.INCOMPLETE.STRUCT MEM33-C. Allocate and copy structures containing a flexible array member dynamically
MISRA.INCR_DECR.OTHER EXP30-C. Do not depend on the order of evaluation for side effects
MISRA.LOGIC.OPERATOR.NOT_BOOL EXP46-C. Do not use a bitwise operator with a Boolean-like operand
MISRA.LOGIC.SIDEEFF EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators
MISRA.MEMB.FLEX_ARRAY.2012 MEM33-C. Allocate and copy structures containing a flexible array member dynamically
MISRA.PPARAM.NEEDS.CONST DCL13-C. Declare function parameters that are pointers to values not changed by the function as const
MISRA.PTR.ARITH ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
MISRA.PTR.ARITH.2012 ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
MISRA.PTR.ARITH.2012 ARR39-C. Do not add or subtract a scaled integer to a pointer
MISRA.SHIFT.RANGE.2012 INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
MISRA.SIZEOF.SIDE_EFFECT EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
MISRA.STDLIB.ATOI ERR34-C. Detect errors when converting a string to a number
MISRA.STDLIB.CTYPE.RANGE.2012_AMD1 ENV30-C. Do not modify the object referenced by the return value of certain functions
MISRA.STDLIB.ILLEGAL_REUSE.2012_AMD1 ENV30-C. Do not modify the object referenced by the return value of certain functions
MISRA.STDLIB.ILLEGAL_REUSE.2012_AMD1 ENV34-C. Do not store pointers returned by certain functions
MISRA.STDLIB.ILLEGAL_WRITE.2012_AMD1 ENV30-C. Do not modify the object referenced by the return value of certain functions
MISRA.STDLIB.MEMCMP.PTR_ARG_TYPES EXP42-C. Do not compare padding data
MISRA.STDLIB.MEMCMP.PTR_ARG_TYPES FLP37-C. Do not use object representations to compare floating-point values
MISRA.STDLIB.SIGNAL SIG34-C. Do not call signal() from within interruptible signal handlers
MISRA.STDLIB.SIGNAL ERR32-C. Do not rely on indeterminate values of errno
MISRA.STDLIB.SIGNAL CON37-C. Do not call signal() in a multithreaded program
MISRA.STDLIB.WRONGNAME DCL37-C. Do not declare or define a reserved identifier
MISRA.STDLIB.WRONGNAME.UNDERSCORE DCL37-C. Do not declare or define a reserved identifier
MISRA.STMT.NO_COMPOUND EXP19-C. Use braces for the body of an if, for, or while statement
MISRA.STMT.NO_EFFECT MSC12-C. Detect and remove code that has no effect or is never executed
MISRA.STRING_LITERAL.NON_CONST.2012 STR05-C. Use pointers to const when referring to string literals
MISRA.SWITCH.WELL_FORMED.BREAK.2012 MSC17-C. Finish every set of statements associated with a case label with a break statement
MISRA.SWITCH.WELL_FORMED.DEFAULT.2012 MSC01-C. Strive for logical completeness
MISRA.TOKEN.OCTAL.ESCAPE DCL18-C. Do not begin integer constants with 0 when specifying a decimal value
MISRA.TOKEN.OCTAL.INT DCL18-C. Do not begin integer constants with 0 when specifying a decimal value
MISRA.TYPE.RESTRICT.QUAL.2012 EXP43-C. Avoid undefined behavior when using restrict-qualified pointers
MISRA.UMINUS.UNSIGNED INT02-C. Understand integer conversion rules
MISRA.VAR.HIDDEN DCL01-C. Do not reuse variable names in subscopes
MISRA.VAR.MIN.VIS DCL19-C. Minimize the scope of variables and functions
MLK.MIGHT MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
MLK.MIGHT MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
MLK.MUST MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
MLK.MUST MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
MLK.RET.MIGHT MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
MLK.RET.MIGHT MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
MLK.RET.MUST MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
MLK.RET.MUST MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
NNTS.MIGHT ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
NNTS.MIGHT STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
NNTS.MIGHT ARR00-C. Understand how arrays work
NNTS.MIGHT STR03-C. Do not inadvertently truncate a string
NNTS.MUST ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
NNTS.MUST STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
NNTS.MUST ARR00-C. Understand how arrays work
NNTS.MUST STR03-C. Do not inadvertently truncate a string
NNTS.TAINTED ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
NNTS.TAINTED ARR00-C. Understand how arrays work
NNTS.TAINTED STR02-C. Sanitize data passed to complex subsystems
NPD.CHECK.CALL.MIGHT EXP34-C. Do not dereference null pointers
NPD.CHECK.CALL.MUST EXP34-C. Do not dereference null pointers
NPD.CHECK.MIGHT EXP34-C. Do not dereference null pointers
NPD.CHECK.MUST EXP34-C. Do not dereference null pointers
NPD.CHECK.MUST ERR33-C. Detect and handle standard library errors
NPD.CONST.CALL EXP34-C. Do not dereference null pointers
NPD.CONST.DEREF EXP34-C. Do not dereference null pointers
NPD.FUNC.CALL.MIGHT EXP34-C. Do not dereference null pointers
NPD.FUNC.CALL.MIGHT ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
NPD.FUNC.CALL.MUST EXP34-C. Do not dereference null pointers
NPD.FUNC.MIGHT EXP34-C. Do not dereference null pointers
NPD.FUNC.MUST EXP34-C. Do not dereference null pointers
NPD.FUNC.MUST ERR33-C. Detect and handle standard library errors
NPD.GEN.CALL.MIGHT EXP34-C. Do not dereference null pointers
NPD.GEN.CALL.MUST EXP34-C. Do not dereference null pointers
NPD.GEN.MIGHT EXP34-C. Do not dereference null pointers
NPD.GEN.MUST EXP34-C. Do not dereference null pointers
NUM.OVERFLOW INT30-C. Ensure that unsigned integer operations do not wrap
NUM.OVERFLOW INT32-C. Ensure that operations on signed integers do not result in overflow
NUM.OVERFLOW.DF INT30-C. Ensure that unsigned integer operations do not wrap
NUM.OVERFLOW.DF INT32-C. Ensure that operations on signed integers do not result in overflow
PORTING.CAST.FLTPNT FLP36-C. Preserve precision when converting integral values to floating-point type
PORTING.CAST.SIZE INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
PORTING.CAST.SIZE INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
PORTING.SIGNED.CHAR INT07-C. Use only explicitly signed or unsigned char type for numeric values
PORTING.STORAGE.STRUCT DCL39-C. Avoid information leakage when passing a structure across a trust boundary
PORTING.VAR.EFFECTS PRE31-C. Avoid side effects in arguments to unsafe macros
PORTING.VAR.EFFECTS EXP30-C. Do not depend on the order of evaluation for side effects
PRECISION.LOSS INT02-C. Understand integer conversion rules
RETVOID.IMPLICIT DCL31-C. Declare identifiers before using them
RH.LEAK FIO42-C. Close files when they are no longer needed
RH.LEAK FIO22-C. Close files before spawning processes
RH.LEAK MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
RH.LEAK MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
RNPD.CALL EXP34-C. Do not dereference null pointers
RNPD.DEREF EXP34-C. Do not dereference null pointers
SEMICOL EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement
SV.BANNED.RECOMMENDED.SCANF ERR34-C. Detect errors when converting a string to a number
SV.BRM.HKEY_LOCAL_MACHINE POS02-C. Follow the principle of least privilege
SV.CODE_INJECTION.SHELL_EXEC ENV33-C. Do not call system()
SV.DLLPRELOAD.NONABSOLUTE.DLL FIO02-C. Canonicalize path names originating from tainted sources
SV.DLLPRELOAD.NONABSOLUTE.DLL WIN00-C. Be specific when dynamically loading libraries
SV.DLLPRELOAD.NONABSOLUTE.EXE WIN00-C. Be specific when dynamically loading libraries
SV.DLLPRELOAD.SEARCHPATH WIN00-C. Be specific when dynamically loading libraries
SV.FMT_STR.BAD_SCAN_FORMAT STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD FIO47-C. Use valid format strings
SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD DCL11-C. Understand the type issues associated with variadic functions
SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED FIO47-C. Use valid format strings
SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED DCL11-C. Understand the type issues associated with variadic functions
SV.FMT_STR.PRINT_IMPROP_LENGTH FIO47-C. Use valid format strings
SV.FMT_STR.PRINT_IMPROP_LENGTH DCL11-C. Understand the type issues associated with variadic functions
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW FIO47-C. Use valid format strings
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW DCL10-C. Maintain the contract between the writer and caller of variadic functions
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW DCL11-C. Understand the type issues associated with variadic functions
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY FIO47-C. Use valid format strings
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY DCL10-C. Maintain the contract between the writer and caller of variadic functions
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY DCL11-C. Understand the type issues associated with variadic functions
SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD FIO47-C. Use valid format strings
SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD DCL11-C. Understand the type issues associated with variadic functions
SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED FIO47-C. Use valid format strings
SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED DCL11-C. Understand the type issues associated with variadic functions
SV.FMT_STR.SCAN_IMPROP_LENGTH FIO47-C. Use valid format strings
SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW FIO47-C. Use valid format strings
SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW DCL10-C. Maintain the contract between the writer and caller of variadic functions
SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY FIO47-C. Use valid format strings
SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY DCL10-C. Maintain the contract between the writer and caller of variadic functions
SV.FMT_STR.UNKWN_FORMAT FIO47-C. Use valid format strings
SV.FMT_STR.UNKWN_FORMAT.SCAN DCL11-C. Understand the type issues associated with variadic functions
SV.FMTSTR.GENERIC FIO30-C. Exclude user input from format strings
SV.INCORRECT_RESOURCE_HANDLING.URH FIO46-C. Do not access a closed file
SV.RVT.RETVAL_NOTTESTED ERR33-C. Detect and handle standard library errors
SV.RVT.RETVAL_NOTTESTED POS54-C. Detect and handle POSIX library errors
SV.RVT.RETVAL_NOTTESTED EXP12-C. Do not ignore values returned by functions
SV.STRBO.BOUND_COPY.OVERFLOW ARR00-C. Understand how arrays work
SV.STRBO.BOUND_COPY.UNTERM STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
SV.STRBO.BOUND_COPY.UNTERM ARR00-C. Understand how arrays work
SV.STRBO.BOUND_SPRINTF ARR00-C. Understand how arrays work
SV.STRBO.UNBOUND_COPY ARR00-C. Understand how arrays work
SV.STRBO.UNBOUND_SPRINTF ARR00-C. Understand how arrays work
SV.TAINTED.ALLOC_SIZE MEM35-C. Allocate sufficient memory for an object
SV.TAINTED.ALLOC_SIZE ARR00-C. Understand how arrays work
SV.TAINTED.ALLOC_SIZE INT04-C. Enforce limits on integer values originating from tainted sources
SV.TAINTED.BINOP INT04-C. Enforce limits on integer values originating from tainted sources
SV.TAINTED.CALL.BINOP INT04-C. Enforce limits on integer values originating from tainted sources
SV.TAINTED.CALL.INDEX_ACCESS ARR00-C. Understand how arrays work
SV.TAINTED.CALL.INDEX_ACCESS INT04-C. Enforce limits on integer values originating from tainted sources
SV.TAINTED.CALL.LOOP_BOUND ARR00-C. Understand how arrays work
SV.TAINTED.CALL.LOOP_BOUND INT04-C. Enforce limits on integer values originating from tainted sources
SV.TAINTED.FMTSTR FIO30-C. Exclude user input from format strings
SV.TAINTED.INDEX_ACCESS ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
SV.TAINTED.INDEX_ACCESS ARR00-C. Understand how arrays work
SV.TAINTED.INDEX_ACCESS INT04-C. Enforce limits on integer values originating from tainted sources
SV.TAINTED.INJECTION STR02-C. Sanitize data passed to complex subsystems
SV.TAINTED.LOOP_BOUND ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
SV.TAINTED.LOOP_BOUND ARR00-C. Understand how arrays work
SV.TAINTED.LOOP_BOUND INT04-C. Enforce limits on integer values originating from tainted sources
SV.TOCTOU.FILE_ACCESS FIO45-C. Avoid TOCTOU race conditions while accessing files
SV.TOCTOU.FILE_ACCESS POS35-C. Avoid race conditions while checking for the existence of a symbolic link
SV.TOCTOU.FILE_ACCESS FIO01-C. Be careful using functions that use file names for identification
SV.TOCTOU.FILE_ACCESS FIO02-C. Canonicalize path names originating from tainted sources
SV.UNBOUND_STRING_INPUT.CIN ARR00-C. Understand how arrays work
SV.UNBOUND_STRING_INPUT.FUNC STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
SV.UNBOUND_STRING_INPUT.FUNC ARR00-C. Understand how arrays work
SV.USAGERULES.PERMISSIONS POS36-C. Observe correct revocation order while relinquishing privileges
SV.USAGERULES.PERMISSIONS POS37-C. Ensure that privilege relinquishment is successful
SV.USAGERULES.PERMISSIONS POS02-C. Follow the principle of least privilege
UFM.DEREF.MIGHT MEM30-C. Do not access freed memory
UFM.DEREF.MIGHT MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
UFM.DEREF.MUST MEM30-C. Do not access freed memory
UFM.DEREF.MUST MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
UFM.FFM.MIGHT MEM30-C. Do not access freed memory
UFM.FFM.MIGHT MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
UFM.FFM.MUST MEM30-C. Do not access freed memory
UFM.FFM.MUST MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
UFM.RETURN.MIGHT MEM30-C. Do not access freed memory
UFM.RETURN.MIGHT MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
UFM.RETURN.MUST MEM30-C. Do not access freed memory
UFM.RETURN.MUST MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
UFM.USE.MIGHT MEM30-C. Do not access freed memory
UFM.USE.MIGHT MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
UFM.USE.MUST MEM30-C. Do not access freed memory
UFM.USE.MUST MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
UNINIT.HEAP.MIGHT EXP33-C. Do not read uninitialized memory
UNINIT.HEAP.MUST EXP33-C. Do not read uninitialized memory
UNINIT.STACK.ARRAY.MIGHT EXP33-C. Do not read uninitialized memory
UNINIT.STACK.ARRAY.MUST EXP33-C. Do not read uninitialized memory
UNINIT.STACK.ARRAY.PARTIAL.MUST EXP33-C. Do not read uninitialized memory
UNINIT.STACK.MIGHT EXP33-C. Do not read uninitialized memory
UNINIT.STACK.MUST EXP33-C. Do not read uninitialized memory
UNREACH.ENUM MSC07-C. Detect and remove dead code
UNREACH.ENUM MSC12-C. Detect and remove code that has no effect or is never executed
UNREACH.GEN MSC07-C. Detect and remove dead code
UNREACH.GEN MSC12-C. Detect and remove code that has no effect or is never executed
UNREACH.RETURN MSC07-C. Detect and remove dead code
UNREACH.RETURN MSC12-C. Detect and remove code that has no effect or is never executed
UNREACH.SIZEOF MSC07-C. Detect and remove dead code
UNREACH.SIZEOF MSC12-C. Detect and remove code that has no effect or is never executed
VA.LIST.INDETERMINATE MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value
VA_UNUSED.GEN MSC12-C. Detect and remove code that has no effect or is never executed
VA_UNUSED.GEN MSC13-C. Detect and remove unused values
VA_UNUSED.INIT MSC12-C. Detect and remove code that has no effect or is never executed
VA_UNUSED.INIT MSC13-C. Detect and remove unused values