| Prevent C checkers | CERT C Secure Coding Standard |
|---|---|
| BAD_COMPARE | MSC02-A. Avoid errors of omission (1) |
| BAD_FREE | MEM34-C. Only free memory allocated dynamically |
| CHAR_IO | FIO34-C. Use int to capture the return value of character IO functions |
| CHECKED_RETURN | FIO33-C. Detect and handle input output errors resulting in undefined behavior (2) |
| DEADCODE | MSC07-A. Detect and remove dead code |
| FORWARD_NULL | EXP34-C. Ensure a pointer is valid before dereferencing it (3) |
| MISSING_RETURN | MSC02-A. Avoid errors of omission <https://www.securecoding.cert.org/confluence/display/seccode/MSC02-A.+Avoid+errors+of+omission> |
| NEGATIVE_RETURNS | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| NO_EFFECT | No equivalent |
| NULL_RETURNS | EXP34-C. Ensure a pointer is valid before dereferencing it (3) |
| OVERRUN_STATIC | STR34-C. Do not copy data from an unbounded source to a fixed-length array |
| OVERRUN_DYNAMIC | STR34-C. Do not copy data from an unbounded source to a fixed-length array |
| RESOURCE_LEAK | MEM31-C. Free dynamically allocated memory exactly once |
| RETURN_LOCAL | DCL30-C. Do not refer to an object outside of its lifetime |
| REVERSE_INULL | EXP34-C. Ensure a pointer is valid before dereferencing it (3) |
| REVERSE_NEGATIVE | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| SIZECHECK | No equivalent |
| STACK_USE | MEM05-A. Avoid large stack allocations |
| UNINIT | EXP33-C. Do not reference uninitialized variables |
| UNUSED_VALUE | No equivalent |
| USE_AFTER_FREE | MEM30-C. Do not access freed memory |
| VARARGS | (preview) No equivalent |

(1) MSC02-A is a superset of 6.1.1, but we could break this out into a rule.
(2) 6.1.4 is a pattern checker; FIO33-C lists specific functions that need to be checked.
(3) 6.1.6, 6.1.10, and 6.1.15 all check for cases covered under EXP34-C.
