C checkers | Guideline |
--- | --- |
0160 | MSC15-C. Do not depend on undefined behavior |
0179 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0179 (U) | FIO00-C. Take care when creating format strings |
0180 (C99) | FIO00-C. Take care when creating format strings |
0184 | DCL10-C. Maintain the contract between the writer and caller of variadic functions |
0184 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0184 (U) | FIO00-C. Take care when creating format strings |
0185 | DCL10-C. Maintain the contract between the writer and caller of variadic functions |
0185 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0185 (U) | FIO00-C. Take care when creating format strings |
0186 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0190 (U) | FIO00-C. Take care when creating format strings |
0190 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0191 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0191 (U) | FIO00-C. Take care when creating format strings |
0192 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0192 (U) | FIO00-C. Take care when creating format strings |
0193 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0193 (U) | FIO00-C. Take care when creating format strings |
0194 (U) | FIO00-C. Take care when creating format strings |
0194 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0195 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0195 (U) | FIO00-C. Take care when creating format strings |
0196 (U) | FIO00-C. Take care when creating format strings |
0196 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0197 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0197 (U) | FIO00-C. Take care when creating format strings |
0198 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0198 (U) | FIO00-C. Take care when creating format strings |
0199 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0199 (U) | FIO00-C. Take care when creating format strings |
0200 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0200 (U) | FIO00-C. Take care when creating format strings |
0201 (U) | FIO00-C. Take care when creating format strings |
0201 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0202 (I) | FIO00-C. Take care when creating format strings |
0202 | MSC14-C. Do not introduce unnecessary platform dependencies |
0206 (U) | DCL11-C. Understand the type issues associated with variadic functions |
0206 (U) | FIO00-C. Take care when creating format strings |
0206 (U) | INT00-C. Understand the data model used by your implementation(s) |
0272 (I) | INT08-C. Verify that all integer values are in range |
0273 (I) | INT08-C. Verify that all integer values are in range |
0278 | INT32-C. Ensure that operations on signed integers do not result in overflow |
0285 | MSC09-C. Character encoding: Use subset of ASCII for safety |
0286 | MSC09-C. Character encoding: Use subset of ASCII for safety |
0287 | MSC09-C. Character encoding: Use subset of ASCII for safety |
0288 | MSC09-C. Character encoding: Use subset of ASCII for safety |
0289 | MSC09-C. Character encoding: Use subset of ASCII for safety |
0290 | INT02-C. Understand integer conversion rules |
0291 | INT02-C. Understand integer conversion rules |
0296 | INT32-C. Ensure that operations on signed integers do not result in overflow |
0297 | INT32-C. Ensure that operations on signed integers do not result in overflow |
0299 | MSC09-C. Character encoding: Use subset of ASCII for safety |
0309 (U) | INT11-C. Converting a pointer to integer or integer to pointer |
0310 | EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields |
0310 | EXP39-C. Do not access a variable through a pointer of an incompatible type |
0311 | EXP05-C. Do not cast away a const qualification |
0312 | EXP32-C. Do not access a volatile object through a nonvolatile reference |
0400 U | EXP30-C. Do not depend on order of evaluation between sequence points |
0401 U | EXP30-C. Do not depend on order of evaluation between sequence points |
0402 U | EXP30-C. Do not depend on order of evaluation between sequence points |
0403 U | EXP30-C. Do not depend on order of evaluation between sequence points |
0428 | MSC02-C. Avoid errors of omission |
0431 (C) | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
0432 (C) | STR04-C. Use plain char for characters in the basic character set |
0434 (C) | DCL31-C. Declare identifiers before using them |
0487 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
0488 | EXP08-C. Ensure pointer arithmetic is used correctly |
0499 | INT34-C. Do not shift a negative number of bits or more bits than exist in the operand |
0500 | INT34-C. Do not shift a negative number of bits or more bits than exist in the operand |
0501 | INT34-C. Do not shift a negative number of bits or more bits than exist in the operand |
0502 | INT13-C. Use bitwise operators only on unsigned operands |
0504 | EXP34-C. Do not dereference null pointers |
0505 | EXP34-C. Do not dereference null pointers |
0506 | EXP34-C. Do not dereference null pointers |
0536 | MSC02-C. Avoid errors of omission |
0537 | MSC02-C. Avoid errors of omission |
0556 | STR30-C. Do not attempt to modify string literals |
0563 (C) | ARR34-C. Ensure that array types in expressions are compatible |
0563 | DCL07-C. Include the appropriate type information in function declarators |
0597 | MSC01-C. Strive for logical completeness |
0601 (E) | ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it |
0625 (U) | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
0634 (I) | INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression |
0674 (C) | DCL35-C. Call functions with the correct number and type of arguments |
0674 (C) | EXP37-C. Call functions with the correct number and type of arguments |
0684 (C) | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
0686 | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
0687 | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
0688 | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
0689 | MSC07-C. Detect and remove dead code |
0695 | MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
0697 | EXP03-C. Do not assume the size of a structure is the sum of the sizes of its members |
0722 | INT09-C. Ensure enumeration constants map to unique values |
0723 | INT09-C. Ensure enumeration constants map to unique values |
0752 | STR05-C. Use pointers to const when referring to string literals |
0753 | STR05-C. Use pointers to const when referring to string literals |
0777 (U) | DCL02-C. Use visually distinct identifiers |
0777 (U) | DCL32-C. Guarantee that mutually visible identifiers are unique |
0779 (U) | DCL32-C. Guarantee that mutually visible identifiers are unique |
0883 | PRE06-C. Enclose header files in an inclusion guard |
1051 | ARR32-C. Ensure size arguments for variable length arrays are in a valid range |
1253 | MSC31-C. Ensure that return values are compared against the proper type |
1280 | DCL16-C. Use "L," not "l," to indicate a long value |
1302 | DCL31-C. Declare identifiers before using them |
1312 | STR36-C. Do not specify the bound of a character array initialized with a string literal |
1460 | MSC01-C. Strive for logical completeness |
1470 | MSC01-C. Strive for logical completeness |
1472 | MSC01-C. Strive for logical completeness |
1504 | DCL15-C. Declare file-scope objects or functions that do not need external linkage as static |
1505 | DCL15-C. Declare file-scope objects or functions that do not need external linkage as static |
1510 | ARR31-C. Use consistent array notation across all source files |
1520 | MEM05-C. Avoid large stack allocations |
1890 | INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
1891 | INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
1892 | INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
1893 | INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
1894 | INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
1895 | INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
2002 | MSC01-C. Strive for logical completeness |
2004 | MSC01-C. Strive for logical completeness |
2008 | MSC07-C. Detect and remove dead code |
2050 | DCL07-C. Include the appropriate type information in function declarators |
2050 | DCL31-C. Declare identifiers before using them |
2051 | DCL31-C. Declare identifiers before using them |
2205 | DCL04-C. Do not declare more than one variable per declaration |
2547 | DCL01-C. Do not reuse variable names in subscopes |
2741, 2742 | DCL03-C. Use a static assertion to test the value of a constant expression |
2771 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
2782 | DCL34-C. Use volatile for data that cannot be cached |
2790 (C) | INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
2790 | INT34-C. Do not shift a negative number of bits or more bits than exist in the operand |
2791 (D) | INT34-C. Do not shift a negative number of bits or more bits than exist in the operand |
2792 (A) | INT34-C. Do not shift a negative number of bits or more bits than exist in the operand |
2793 (S) | INT34-C. Do not shift a negative number of bits or more bits than exist in the operand |
2800 | INT32-C. Ensure that operations on signed integers do not result in overflow |
2814 | EXP08-C. Ensure pointer arithmetic is used correctly |
2830 (C) | INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors |
2831 (D) | INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors |
2832 (A) | INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors |
2833 (S) | INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors |
2834 (P) | INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors |
2850 (C) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2851 (D) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2852 (A) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2853 (S) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2900 (C) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2901 (D) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2902 (A) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2903 (S) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2905 (C) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2906 (D) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2907 (A) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2908 (S) | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
2910 (C) | INT30-C. Ensure that unsigned integer operations do not wrap |
2911 (D) | INT30-C. Ensure that unsigned integer operations do not wrap |
2912 (A) | INT30-C. Ensure that unsigned integer operations do not wrap |
2913 (S) | INT30-C. Ensure that unsigned integer operations do not wrap |
2930 | EXP08-C. Ensure pointer arithmetic is used correctly |
2931 | ARR38-C. Guarantee that library functions do not form invalid pointers |
2961 (D) | EXP33-C. Do not reference uninitialized memory |
2962 (A) | EXP33-C. Do not reference uninitialized memory |
2963 (S) | EXP33-C. Do not reference uninitialized memory |
2971 (D) | EXP33-C. Do not reference uninitialized memory |
2972 (A) | EXP33-C. Do not reference uninitialized memory |
3001 | EXP37-C. Call functions with the correct number and type of arguments |
3103 | INT10-C. Do not assume a positive remainder when using the % operator |
3110 | MSC07-C. Detect and remove dead code |
3110 | MSC12-C. Detect and remove code that has no effect |
3112 | MSC07-C. Detect and remove dead code |
3112 | MSC12-C. Detect and remove code that has no effect |
3120 | DCL06-C. Use meaningful symbolic constants to represent literal values |
3120 | EXP07-C. Do not diminish the benefits of constants by assuming their values in expressions |
3121 | DCL06-C. Use meaningful symbolic constants to represent literal values |
3122 | DCL06-C. Use meaningful symbolic constants to represent literal values |
3123 | DCL06-C. Use meaningful symbolic constants to represent literal values |
3131 | DCL06-C. Use meaningful symbolic constants to represent literal values |
3132 | DCL06-C. Use meaningful symbolic constants to represent literal values |
3195 | MSC13-C. Detect and remove unused values |
3196 | MSC07-C. Detect and remove dead code |
3197 | MSC13-C. Detect and remove unused values |
3198 | MSC13-C. Detect and remove unused values |
3199 | MSC13-C. Detect and remove unused values |
3200 | ERR33-C. Detect and handle standard library errors |
3200 | EXP12-C. Do not ignore values returned by functions |
3200 | FIO04-C. Detect and handle input and output errors |
3201 | MSC07-C. Detect and remove dead code |
3202 | MSC07-C. Detect and remove dead code |
3203 | MSC07-C. Detect and remove dead code |
3204 | DCL00-C. Const-qualify immutable objects |
3205 | MSC07-C. Detect and remove dead code |
3206 | MSC07-C. Detect and remove dead code |
3207 | MSC07-C. Detect and remove dead code |
3210 | MSC07-C. Detect and remove dead code |
3217 | DCL30-C. Declare objects with appropriate storage durations |
3219 | MSC07-C. Detect and remove dead code |
3225 | DCL30-C. Declare objects with appropriate storage durations |
3226 | EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place |
3226 | MSC02-C. Avoid errors of omission |
3227 | DCL00-C. Const-qualify immutable objects |
3229 | MSC07-C. Detect and remove dead code |
3230 | DCL30-C. Declare objects with appropriate storage durations |
3232 | DCL00-C. Const-qualify immutable objects |
3302 | INT30-C. Ensure that unsigned integer operations do not wrap |
3303 | INT30-C. Ensure that unsigned integer operations do not wrap |
3304 | INT30-C. Ensure that unsigned integer operations do not wrap |
3305 | EXP36-C. Do not convert pointers into more strictly aligned pointer types |
3305 | EXP39-C. Do not access a variable through a pointer of an incompatible type |
3307 | EXP06-C. Operands to the sizeof operator should not contain side effects |
3307 | MSC07-C. Detect and remove dead code |
3314 | EXP18-C. Do not perform assignments in selection statements |
3314 | MSC02-C. Avoid errors of omission |
3326 | MSC02-C. Avoid errors of omission |
3328 | MSC07-C. Detect and remove dead code |
3334 | DCL01-C. Do not reuse variable names in subscopes |
3335 | DCL07-C. Include the appropriate type information in function declarators |
3335 | DCL31-C. Declare identifiers before using them |
3340 | FLP30-C. Do not use floating-point variables as loop counters |
3355 | MSC07-C. Detect and remove dead code |
3356 | MSC07-C. Detect and remove dead code |
3357 | MSC07-C. Detect and remove dead code |
3358 | MSC07-C. Detect and remove dead code |
3359 | MSC07-C. Detect and remove dead code |
3360 | MSC07-C. Detect and remove dead code |
3389 | EXP00-C. Use parentheses for precedence of operation |
3390 | EXP00-C. Use parentheses for precedence of operation |
3391 | EXP00-C. Use parentheses for precedence of operation |
3392 | EXP00-C. Use parentheses for precedence of operation |
3392 | EXP13-C. Treat relational and equality operators as if they were nonassociative |
3393 | EXP00-C. Use parentheses for precedence of operation |
3394 | EXP00-C. Use parentheses for precedence of operation |
3395 | EXP00-C. Use parentheses for precedence of operation |
3396 | EXP00-C. Use parentheses for precedence of operation |
3397 | EXP00-C. Use parentheses for precedence of operation |
3398 | EXP00-C. Use parentheses for precedence of operation |
3399 | EXP00-C. Use parentheses for precedence of operation |
3400 | EXP00-C. Use parentheses for precedence of operation |
3401 | EXP00-C. Use parentheses for precedence of operation |
3401 | EXP13-C. Treat relational and equality operators as if they were nonassociative |
3404 | MSC07-C. Detect and remove dead code |
3409 | PRE02-C. Macro replacement lists should be parenthesized |
3410 | PRE01-C. Use parentheses within macros around parameter names |
3412 | PRE10-C. Wrap multistatement macros in a do-while loop |
3412 | PRE11-C. Do not conclude macro definitions with a semicolon |
3413 | PRE03-C. Prefer typedefs to defines for encoding types |
3415 | EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators |
3422 | MSC07-C. Detect and remove dead code |
3423 | MSC07-C. Detect and remove dead code |
3425 | MSC07-C. Detect and remove dead code |
3426 | MSC07-C. Detect and remove dead code |
3427 | MSC07-C. Detect and remove dead code |
3440 | EXP31-C. Avoid side effects in assertions |
3450 | DCL07-C. Include the appropriate type information in function declarators |
3453 | PRE00-C. Prefer inline or static functions to function-like macros |
3454 | PRE31-C. Avoid side effects in arguments to unsafe macros |
3455 | PRE31-C. Avoid side effects in arguments to unsafe macros |
3456 | PRE31-C. Avoid side effects in arguments to unsafe macros |
3458 | PRE10-C. Wrap multistatement macros in a do-while loop |
3470 | MSC07-C. Detect and remove dead code |
3601 | PRE07-C. Avoid using repeated question marks |
3670 | MEM05-C. Avoid large stack allocations |
3673 | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
3674 | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
3680 | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
3681 | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
3682 | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
3683 | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
3684 | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
3685 (U) | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
3686 | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
3688 | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
3689 (U) | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
3690 | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
3692 | ARR30-C. Do not form or use out of bounds pointers or array subscripts |
3704 | STR34-C. Cast characters to unsigned char before converting to larger integer sizes |
3711 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3722 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3733 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3744 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3755 | INT02-C. Understand integer conversion rules |
3755 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3756 | INT02-C. Understand integer conversion rules |
3757 | INT02-C. Understand integer conversion rules |
3758 | INT02-C. Understand integer conversion rules |
3758 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3759 | INT02-C. Understand integer conversion rules |
3759 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3760 | INT02-C. Understand integer conversion rules |
3760 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3762 | INT02-C. Understand integer conversion rules |
3763 | INT02-C. Understand integer conversion rules |
3764 | INT02-C. Understand integer conversion rules |
3765 | INT02-C. Understand integer conversion rules |
3766 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3769 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3770 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3777 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3780 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3781 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3782 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3783 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
3788 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3850 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3863 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3911 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3922 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3933 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3944 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3955 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3966 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3977 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
3988 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
4050 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
4063 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
4111 | EXP13-C. Treat relational and equality operators as if they were nonassociative |
4112 | EXP13-C. Treat relational and equality operators as if they were nonassociative |
4113 | EXP13-C. Treat relational and equality operators as if they were nonassociative |
4117 | FLP33-C. Convert integers to floating point for floating-point operations |
4118 | FLP33-C. Convert integers to floating point for floating-point operations |
4119 | FLP33-C. Convert integers to floating point for floating-point operations |
4123 | FLP03-C. Detect and handle floating-point errors |
4124 | FLP03-C. Detect and handle floating-point errors |
4125 | FLP03-C. Detect and handle floating-point errors |
4126 | FLP03-C. Detect and handle floating-point errors |
4127 | FLP03-C. Detect and handle floating-point errors |
4128 | FLP03-C. Detect and handle floating-point errors |
4130 | INT13-C. Use bitwise operators only on unsigned operands |
4131 | INT13-C. Use bitwise operators only on unsigned operands |
4140 | DCL30-C. Declare objects with appropriate storage durations |
4450 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
4451 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
4452 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
4453 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
4454 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
fopen | FIO01-C. Be careful using functions that use file names for identification |
freopen | FIO01-C. Be careful using functions that use file names for identification |
rename | FIO01-C. Be careful using functions that use file names for identification |
Secondary analysis | DCL05-C. Use typedefs of non-pointer types only |
Secondary analysis | PRE04-C. Do not reuse a standard header file name |
Secondary analysis | PRE08-C. Guarantee that header file names are unique |
Secondary analysis | PRE09-C. Do not replace secure functions with deprecated or obsolescent functions |
Special case of STR34 | STR37-C. Arguments to character handling functions must be representable as an unsigned char |
warncall fopen | FIO06-C. Create files with appropriate access permissions |
warncall for fopen and fopen_s | FIO03-C. Do not make assumptions about fopen() and file creation |
warncall for 'gets' | STR35-C. Do not copy data from an unbounded source to a fixed-length array |
warncall for putenv | POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument |
warncall for realloc | MEM03-C. Clear sensitive information stored in reusable resources |
Warncall for scanf etc | INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs |
warncall for signal | SIG00-C. Mask signals handled by noninterruptible signal handlers |
warncall for signal | SIG01-C. Understand implementation-specific details regarding signal handler persistence |
Warncall remove | FIO01-C. Be careful using functions that use file names for identification |
warncall tmpnam, tmpfile, mktemp, tmpnam_s | FIO43-C. Do not create temporary files in shared directories |
Warncall -wc atoi, -wc atol | INT06-C. Use strtol() or a related function to convert a string token to an integer |
Warncall -wc rand | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
Warncall -wc remove | FIO08-C. Take care when calling remove() on an open file |
Warncall -wc rename | FIO10-C. Take care when using the rename() function |
Warncall -wc rewind | FIO07-C. Prefer fseek() to rewind() |
Warncall -wc setbuf | FIO12-C. Prefer setvbuf() to setbuf() |
Warncall -wc signal | SIG34-C. Do not call signal() from within interruptible signal handlers |
Warncall -wc strcpy, -wc strcat, -wc strncpy, -wc strncat | STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code |
Warncall -wc system | ENV03-C. Sanitize the environment when invoking external programs |
Warncall -wc system | ENV04-C. Do not call system() if you do not need a command processor |
Warncall -wc vfork | POS33-C. Do not use vfork() |