SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 37 Next »

Enumeration types in C map to integers. The normal expectation is that each enumeration type member is distinct. However, there are some nonobvious errors that are commonly made that cause multiple enumeration type members to have the same value.

Noncompliant Code Example

In this noncompliant code example, enumeration type members are assigned explicit values:

enum {red=4, orange, yellow, green, blue, indigo=6, violet};

It may not be obvious to the programmer (though it is fully specified in the language) that yellow and indigo have been declared to be identical values (6), as are green and violet (7).

Compliant Solution

Enumeration type declarations must do one of the following:

  • provide no explicit integer assignments, as in this example:
enum {red, orange, yellow, green, blue, indigo, violet};
  • assign a value to the first member only (the rest are then sequential), as in this example:
enum {red=4, orange, yellow, green, blue, indigo, violet};
  • assign a value to all members so any equivalence is explicit, as in this example:
enum {
  red=4, 
  orange=5, 
  yellow=6, 
  green=7, 
  blue=8, 
  indigo=6, 
  violet=7
};

It is also advisable to provide a comment explaining why multiple enumeration type members are being assigned the same value so that future maintainers don't mistakenly identify this as an error.

Of these three options, the first — "provide no explicit integer assignments" — is the simplest, and consequently the preferred, approach in the typical case.

Risk Assessment

Failing to ensure that constants within an enumeration have unique values can result in unexpected results.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

INT09-C

low

probable

medium

P4

L3

Automated Detection

The LDRA tool suite V 7.6.0 can detect violations of this recommendation.

Compass/ROSE can detect violations of this recommendation.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as INT09-CPP. Ensure enumeration constants map to unique values.

References

[[ISO/IEC 9899:1999]] Section 6.7.2.2, "Enumeration specifiers"
[[ISO/IEC PDTR 24772]] "CCB Enumerator issues"
[[MISRA 04]] Rule 9.3

      04. Integers (INT)      INT11-C. Take care when converting from pointer to integer or integer to pointer

  • No labels