C checkers |
Guideline |
0160 |
MSC15-C. Do not depend on undefined behavior |
0179 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0179 (U) |
FIO47-C. Use valid format strings |
0180 (C99) |
FIO47-C. Use valid format strings |
0184 |
DCL10-C. Maintain the contract between the writer and caller of variadic functions |
0184 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0184 (U) |
FIO47-C. Use valid format strings |
0185 |
DCL10-C. Maintain the contract between the writer and caller of variadic functions |
0185 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0185 (U) |
FIO47-C. Use valid format strings |
0186 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0190 (U) |
FIO47-C. Use valid format strings |
0190 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0191 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0191 (U) |
FIO47-C. Use valid format strings |
0192 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0192 (U) |
FIO47-C. Use valid format strings |
0193 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0193 (U) |
FIO47-C. Use valid format strings |
0194 (U) |
FIO47-C. Use valid format strings |
0194 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0195 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0195 (U) |
FIO47-C. Use valid format strings |
0196 (U) |
FIO47-C. Use valid format strings |
0196 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0197 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0197 (U) |
FIO47-C. Use valid format strings |
0198 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0198 (U) |
FIO47-C. Use valid format strings |
0199 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0199 (U) |
FIO47-C. Use valid format strings |
0200 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0200 (U) |
FIO47-C. Use valid format strings |
0201 (U) |
FIO47-C. Use valid format strings |
0201 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0202 (I) |
FIO47-C. Use valid format strings |
0202 |
MSC14-C. Do not introduce unnecessary platform dependencies |
0206 (U) |
DCL11-C. Understand the type issues associated with variadic functions |
0206 (U) |
FIO47-C. Use valid format strings |
0206 (U) |
INT00-C. Understand the data model used by your implementation(s) |
0272 (I) |
INT08-C. Verify that all integer values are in range |
0273 (I) |
INT08-C. Verify that all integer values are in range |
0278 |
INT32-C. Ensure that operations on signed integers do not result in overflow |
0285 |
Use subset of ASCII for safety |
0286 |
Use subset of ASCII for safety |
0287 |
Use subset of ASCII for safety |
0288 |
Use subset of ASCII for safety |
0289 |
Use subset of ASCII for safety |
0290 |
INT02-C. Understand integer conversion rules |
0291 |
INT02-C. Understand integer conversion rules |
0296 |
INT32-C. Ensure that operations on signed integers do not result in overflow |
0297 |
INT32-C. Ensure that operations on signed integers do not result in overflow |
0299 |
Use subset of ASCII for safety |
0309 (U) |
INT36-C. Converting a pointer to integer or integer to pointer |
0310 |
EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields |
0310 |
EXP39-C. Do not access a variable through a pointer of an incompatible type |
0311 |
EXP05-C. Do not cast away a const qualification |
0312 |
EXP32-C. Do not access a volatile object through a nonvolatile reference |
0400 U |
EXP30-C. Do not depend on the order of evaluation for side effects |
0401 U |
EXP30-C. Do not depend on the order of evaluation for side effects |
0402 U |
EXP30-C. Do not depend on the order of evaluation for side effects |
0403 U |
EXP30-C. Do not depend on the order of evaluation for side effects |
0431(C) |
DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
0432 (C) |
STR04-C. Use plain char for characters in the basic character set |
0434 (C) |
DCL31-C. Declare identifiers before using them |
0487 |
ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
0488 |
EXP08-C. Ensure pointer arithmetic is used correctly |
0499 |
INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
0500 |
INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
0501 |
INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
0502 |
INT13-C. Use bitwise operators only on unsigned operands |
0504 |
EXP34-C. Do not dereference null pointers |
0505 |
EXP34-C. Do not dereference null pointers |
0506 |
EXP34-C. Do not dereference null pointers |
0556 |
STR30-C. Do not attempt to modify string literals |
0563 |
DCL07-C. Include the appropriate type information in function declarators |
0597 |
MSC01-C. Strive for logical completeness |
0601 (E) |
ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it |
0625 (U) |
DCL36-C. Do not declare an identifier with conflicting linkage classifications |
0634 (I) |
INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression |
0674(C) |
EXP37-C. Call functions with the correct number and type of arguments |
0684 (C) |
ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
0686 |
ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
0687 |
ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
0688 |
ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
0689 |
MSC07-C. Detect and remove dead code |
0695 |
MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
0697 |
EXP03-C. Do not assume the size of a structure is the sum of the sizes of its members |
0722 |
INT09-C. Ensure enumeration constants map to unique values |
0723 |
INT09-C. Ensure enumeration constants map to unique values |
0752 |
STR05-C. Use pointers to const when referring to string literals |
0753 |
STR05-C. Use pointers to const when referring to string literals |
0777(U) |
DCL02-C. Use visually distinct identifiers |
0777 (U) |
DCL23-C. Guarantee that mutually visible identifiers are unique |
0779 (U) |
DCL23-C. Guarantee that mutually visible identifiers are unique |
0883 |
PRE06-C. Enclose header files in an inclusion guard |
1051 |
ARR32-C. Ensure size arguments for variable length arrays are in a valid range |
1280 |
DCL16-C. Use "L," not "l," to indicate a long value |
1302 |
DCL31-C. Declare identifiers before using them |
1312 |
STR11-C. Do not specify the bound of a character array initialized with a string literal |
1460 |
MSC01-C. Strive for logical completeness |
1470 |
MSC01-C. Strive for logical completeness |
1472 |
MSC01-C. Strive for logical completeness |
1504 |
DCL15-C. Declare file-scope objects or functions that do not need external linkage as static |
1505 |
DCL15-C. Declare file-scope objects or functions that do not need external linkage as static |
1510 |
DCL40-C. Do not create incompatible declarations of the same function or object |
1520 |
MEM05-C. Avoid large stack allocations |
1890 |
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
1891 |
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
1892 |
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
1893 |
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
1894 |
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
1895 |
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
2002 |
MSC01-C. Strive for logical completeness |
2004 |
MSC01-C. Strive for logical completeness |
2008 |
MSC07-C. Detect and remove dead code |
2050 |
DCL07-C. Include the appropriate type information in function declarators |
2050 |
DCL31-C. Declare identifiers before using them |
2051 |
DCL31-C. Declare identifiers before using them |
2205 |
DCL04-C. Do not declare more than one variable per declaration |
2547 |
DCL01-C. Do not reuse variable names in subscopes |
2741 2742 |
DCL03-C. Use a static assertion to test the value of a constant expression |
2771 |
ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
2782 |
DCL22-C. Use volatile for data that cannot be cached |
2790 (C) |
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
2790 |
INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
2791 (D) |
INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
2792 (A) |
INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
2793 (S) |
INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
2800 |
INT32-C. Ensure that operations on signed integers do not result in overflow |
2814 |
EXP08-C. Ensure pointer arithmetic is used correctly |
2830 (C) |
INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
2831 (D) |
INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
2832 (A) |
INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
2833 (S) |
INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
2834 (P) |
INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
2850 (C) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2851 (D) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2852 (A) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2853 (S) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2900 (C) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2901 (D) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2902 (A) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2903 (S) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2905 (C) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2906 (D) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2907 (A) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2908 (S) |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2910 (C) |
INT30-C. Ensure that unsigned integer operations do not wrap |
2911 (D) |
INT30-C. Ensure that unsigned integer operations do not wrap |
2912 (A) |
INT30-C. Ensure that unsigned integer operations do not wrap |
2913 (S) |
INT30-C. Ensure that unsigned integer operations do not wrap |
2930 |
EXP08-C. Ensure pointer arithmetic is used correctly |
2931 |
ARR38-C. Guarantee that library functions do not form invalid pointers |
2961 (D) |
EXP33-C. Do not read uninitialized memory |
2962 (A) |
EXP33-C. Do not read uninitialized memory |
2963 (S) |
EXP33-C. Do not read uninitialized memory |
2971 (D) |
EXP33-C. Do not read uninitialized memory |
2972 (A) |
EXP33-C. Do not read uninitialized memory |
3001 |
EXP37-C. Call functions with the correct number and type of arguments |
3103 |
INT10-C. Do not assume a positive remainder when using the % operator |
3110 |
MSC07-C. Detect and remove dead code |
3110 |
MSC12-C. Detect and remove code that has no effect |
3112 |
MSC07-C. Detect and remove dead code |
3112 |
MSC12-C. Detect and remove code that has no effect |
3120 |
DCL06-C. Use meaningful symbolic constants to represent literal values |
3120 |
EXP07-C. Do not diminish the benefits of constants by assuming their values in expressions |
3121 |
DCL06-C. Use meaningful symbolic constants to represent literal values |
3122 |
DCL06-C. Use meaningful symbolic constants to represent literal values |
3123 |
DCL06-C. Use meaningful symbolic constants to represent literal values |
3131 |
DCL06-C. Use meaningful symbolic constants to represent literal values |
3132 |
DCL06-C. Use meaningful symbolic constants to represent literal values |
3195 |
MSC13-C. Detect and remove unused values |
3196 |
MSC07-C. Detect and remove dead code |
3197 |
MSC13-C. Detect and remove unused values |
3198 |
MSC13-C. Detect and remove unused values |
3199 |
MSC13-C. Detect and remove unused values |
3200 |
ERR33-C. Detect and handle standard library errors |
3200 |
EXP12-C. Do not ignore values returned by functions |
3200 |
POS54-C. Detect and handle POSIX library errors |
3201 |
MSC07-C. Detect and remove dead code |
3202 |
MSC07-C. Detect and remove dead code |
3203 |
MSC07-C. Detect and remove dead code |
3204 |
DCL00-C. Const-qualify immutable objects |
3205 |
MSC07-C. Detect and remove dead code |
3206 |
MSC07-C. Detect and remove dead code |
3207 |
MSC07-C. Detect and remove dead code |
3210 |
MSC07-C. Detect and remove dead code |
3217 |
DCL30-C. Declare objects with appropriate storage durations |
3219 |
MSC07-C. Detect and remove dead code |
3225 |
DCL30-C. Declare objects with appropriate storage durations |
3226 |
EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place |
3227 |
DCL00-C. Const-qualify immutable objects |
3229 |
MSC07-C. Detect and remove dead code |
3230 |
DCL30-C. Declare objects with appropriate storage durations |
3232 |
DCL00-C. Const-qualify immutable objects |
3302 |
INT30-C. Ensure that unsigned integer operations do not wrap |
3303 |
INT30-C. Ensure that unsigned integer operations do not wrap |
3304 |
INT30-C. Ensure that unsigned integer operations do not wrap |
3305 |
EXP36-C. Do not cast pointers into more strictly aligned pointer types |
3305 |
EXP39-C. Do not access a variable through a pointer of an incompatible type |
3307 |
EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic |
3307 |
MSC07-C. Detect and remove dead code |
3314 |
EXP45-C. Do not perform assignments in selection statements |
3328 |
MSC07-C. Detect and remove dead code |
3334 |
DCL01-C. Do not reuse variable names in subscopes |
3335 |
DCL07-C. Include the appropriate type information in function declarators |
3335 |
DCL31-C. Declare identifiers before using them |
3340 |
FLP30-C. Do not use floating-point variables as loop counters |
3355 |
MSC07-C. Detect and remove dead code |
3356 |
MSC07-C. Detect and remove dead code |
3357 |
MSC07-C. Detect and remove dead code |
3358 |
MSC07-C. Detect and remove dead code |
3359 |
MSC07-C. Detect and remove dead code |
3360 |
MSC07-C. Detect and remove dead code |
3389 |
EXP00-C. Use parentheses for precedence of operation |
3390 |
EXP00-C. Use parentheses for precedence of operation |
3391 |
EXP00-C. Use parentheses for precedence of operation |
3392 |
EXP00-C. Use parentheses for precedence of operation |
3392 |
EXP13-C. Treat relational and equality operators as if they were nonassociative |
3393 |
EXP00-C. Use parentheses for precedence of operation |
3394 |
EXP00-C. Use parentheses for precedence of operation |
3395 |
EXP00-C. Use parentheses for precedence of operation |
3396 |
EXP00-C. Use parentheses for precedence of operation |
3397 |
EXP00-C. Use parentheses for precedence of operation |
3398 |
EXP00-C. Use parentheses for precedence of operation |
3399 |
EXP00-C. Use parentheses for precedence of operation |
3400 |
EXP00-C. Use parentheses for precedence of operation |
3401 |
EXP00-C. Use parentheses for precedence of operation |
3401 |
EXP13-C. Treat relational and equality operators as if they were nonassociative |
3404 |
MSC07-C. Detect and remove dead code |
3409 |
PRE02-C. Macro replacement lists should be parenthesized |
3410 |
PRE01-C. Use parentheses within macros around parameter names |
3412 |
PRE10-C. Wrap multistatement macros in a do-while loop |
3412 |
PRE11-C. Do not conclude macro definitions with a semicolon |
3413 |
PRE03-C. Prefer typedefs to defines for encoding types |
3415 |
EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators |
3422 |
MSC07-C. Detect and remove dead code |
3423 |
MSC07-C. Detect and remove dead code |
3425 |
MSC07-C. Detect and remove dead code |
3426 |
MSC07-C. Detect and remove dead code |
3427 |
MSC07-C. Detect and remove dead code |
3440 |
PRE31-C. Avoid side effects in arguments to unsafe macros |
3450 |
DCL07-C. Include the appropriate type information in function declarators |
3453 |
PRE00-C. Prefer inline or static functions to function-like macros |
3454 |
PRE31-C. Avoid side effects in arguments to unsafe macros |
3455 |
PRE31-C. Avoid side effects in arguments to unsafe macros |
3456 |
PRE31-C. Avoid side effects in arguments to unsafe macros |
3458 |
PRE10-C. Wrap multistatement macros in a do-while loop |
3470 |
MSC07-C. Detect and remove dead code |
3601 |
PRE07-C. Avoid using repeated question marks |
3670 |
MEM05-C. Avoid large stack allocations |
3673 |
DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
3674 |
ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
3680 |
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
3681 |
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
3682 |
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
3683 |
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
3684 |
ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
3685 (U) |
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
3686 |
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
3688 |
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
3689 (U) |
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
3690 |
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
3692 |
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
3704 |
STR34-C. Cast characters to unsigned char before converting to larger integer sizes |
3711 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3722 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3733 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3744 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3755 |
INT02-C. Understand integer conversion rules |
3755 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3756 |
INT02-C. Understand integer conversion rules |
3757 |
INT02-C. Understand integer conversion rules |
3758 |
INT02-C. Understand integer conversion rules |
3758 |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3759 |
INT02-C. Understand integer conversion rules |
3759 |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3760 |
INT02-C. Understand integer conversion rules |
3760 |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3762 |
INT02-C. Understand integer conversion rules |
3763 |
INT02-C. Understand integer conversion rules |
3764 |
INT02-C. Understand integer conversion rules |
3765 |
INT02-C. Understand integer conversion rules |
3766 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3769 |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3770 |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3777 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3780 |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3781 |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3782 |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3783 |
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3788 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3850 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3863 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3911 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3922 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3933 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3944 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3955 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3966 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3977 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3988 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
4050 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
4063 |
INT07-C. Use only explicitly signed or unsigned char type for numeric values |
4111 |
EXP13-C. Treat relational and equality operators as if they were nonassociative |
4112 |
EXP13-C. Treat relational and equality operators as if they were nonassociative |
4113 |
EXP13-C. Treat relational and equality operators as if they were nonassociative |
4117 |
FLP06-C. Convert integers to floating point for floating-point operations |
4118 |
FLP06-C. Convert integers to floating point for floating-point operations |
4119 |
FLP06-C. Convert integers to floating point for floating-point operations |
4123 |
FLP03-C. Detect and handle floating-point errors |
4124 |
FLP03-C. Detect and handle floating-point errors |
4125 |
FLP03-C. Detect and handle floating-point errors |
4126 |
FLP03-C. Detect and handle floating-point errors |
4127 |
FLP03-C. Detect and handle floating-point errors |
4128 |
FLP03-C. Detect and handle floating-point errors |
4130 |
INT13-C. Use bitwise operators only on unsigned operands |
4131 |
INT13-C. Use bitwise operators only on unsigned operands |
4140 |
DCL30-C. Declare objects with appropriate storage durations |
4450 |
FLP34-C. Ensure that floating-point conversions are within range of the new type |
4451 |
FLP34-C. Ensure that floating-point conversions are within range of the new type |
4452 |
FLP34-C. Ensure that floating-point conversions are within range of the new type |
4453 |
FLP34-C. Ensure that floating-point conversions are within range of the new type |
4454 |
FLP34-C. Ensure that floating-point conversions are within range of the new type |
fopen |
FIO01-C. Be careful using functions that use file names for identification |
freopen |
FIO01-C. Be careful using functions that use file names for identification |
rename |
FIO01-C. Be careful using functions that use file names for identification |
Secondary analysis |
DCL05-C. Use typedefs of non-pointer types only |
Secondary analysis |
PRE04-C. Do not reuse a standard header file name |
Secondary Analysis |
PRE08-C. Guarantee that header file names are unique |
Secondary analysis |
PRE09-C. Do not replace secure functions with deprecated or obsolescent functions |
Special case of STR34-C |
STR37-C. Arguments to character-handling functions must be representable as an unsigned char |
warncall fopen |
FIO06-C. Create files with appropriate access permissions |
warncall for fopen and fopen_s |
FIO03-C. Do not make assumptions about fopen() and file creation |
warncall for 'gets' |
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
warncall for putenv |
POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument |
warncall for realloc |
MEM03-C. Clear sensitive information stored in reusable resources |
Warncall for scanf etc |
INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs |
warncall for signal |
SIG00-C. Mask signals handled by noninterruptible signal handlers |
warncall for signal |
SIG01-C. Understand implementation-specific details regarding signal handler persistence |
Warncall remove |
FIO01-C. Be careful using functions that use file names for identification |
warncall tmpnam, tmpfile, mktemp, tmpnam_s |
FIO21-C. Do not create temporary files in shared directories |
Warncall -wc atoi |
INT06-C. Use strtol() or a related function to convert a string token to an integer |
Warncall -wc rand |
MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
Warncall -wc remove |
FIO08-C. Take care when calling remove() on an open file |
warncall -wc rename |
FIO10-C. Take care when using the rename() function |
Warncall -wc signal |
SIG34-C. Do not call signal() from within interruptible signal handlers |
Warncall -wc strcpy |
STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code |
warncall -wc system |
ENV03-C. Sanitize the environment when invoking external programs |
Warncall -wc system |
ENV33-C. Do not call system() |
Warncall -wc vfork |
POS33-C. Do not use vfork() |
-wc atol |
INT06-C. Use strtol() or a related function to convert a string token to an integer |
-wc strcat |
STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code |
-wc strncat |
STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code |
-wc strncpy |
STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code |
