SEI CERT C Coding Standard

More documents

Recommendations

Info

Error Handling (ERR) - ERR33-C. Detect and handle standard library errors MITRE CWE CWE-252, Unchecked Return Value CWE-253, Incorrect Check of Function Return Value CWE-390, Detection of Error Condition without Action CWE-391, Unchecked Error Condition CWE-476, NULL Pointer Dereference 13.3.15 Bibliography [DHS 2006] [Henricson 1997] [ISO/IEC 9899:2011] [VU#159523] Handle All Errors Safely Recommendation 12.1, “Check for All Errors Reported from Functions” Subclause 7.21.7.10, “The ungetc Function” SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems 402 Software Engineering Institute | Carnegie Mellon University [DISTRIBUTION STATEMENT A] Approved for public release and unlimited distribution.
Concurrency (CON) - CON30-C. Clean up thread-specific storage 14 Concurrency (CON) 14.1 CON30-C. Clean up thread-specific storage The tss_create() function creates a thread-specific storage pointer identified by a key. Threads can allocate thread-specific storage and associate the storage with a key that uniquely identifies the storage by calling the tss_set() function. If not properly freed, this memory may be leaked. Ensure that thread-specific storage is freed. 14.1.1 Noncompliant Code Example In this noncompliant code example, each thread dynamically allocates storage in the get_data() function, which is then associated with the global key by the call to tss_set() in the add_data() function. This memory is subsequently leaked when the threads terminate. #include #include /* Global key to the thread-specific storage */ tss_t key; enum { MAX_THREADS = 3 }; int *get_data(void) { int *arr = (int *)malloc(2 * sizeof(int)); if (arr == NULL) { return arr; /* Report error */ } arr[0] = 10; arr[1] = 42; return arr; } int add_data(void) { int *data = get_data(); if (data == NULL) { return -1; /* Report error */ } } if (thrd_success != tss_set(key, (void *)data)) { /* Handle error */ } return 0; void print_data(void) { /* Get this thread's global data from key */ int *data = tss_get(key); SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems 403 Software Engineering Institute | Carnegie Mellon University [DISTRIBUTION STATEMENT A] Approved for public release and unlimited distribution.
Page 1 and 2:
SEI CERT C Coding Standard Rules fo
Page 3 and 4:
Table of Contents 1 Introduction 1
Page 5 and 6:
10 Input/Output (FIO) 281 10.1 FIO3
Page 7 and 8:
Introduction - Scope 1 Introduction
Page 9 and 10:
Introduction - Audience Some vendor
Page 11 and 12:
Introduction - ISO/IEC TS 17961 C S
Page 13 and 14:
Introduction - Tool Selection and V
Page 15 and 16:
Introduction - Taint Analysis false
Page 17 and 18:
Introduction - Conformance Testing
Page 19 and 20:
Introduction - Usage Early drafts o
Page 21 and 22:
Introduction - How This Coding Stan
Page 23 and 24:
Introduction - How This Coding Stan
Page 25 and 26:
Introduction - Government Regulatio
Page 27 and 28:
Introduction - Acknowledgments a su
Page 29 and 30:
Preprocessor (PRE) - PRE30-C. Do no
Page 31 and 32:
Preprocessor (PRE) - PRE31-C. Avoid
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Preprocessor (PRE) - PRE32-C. Do no
Page 39 and 40:
Declarations and Initialization (DC
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Expressions (EXP) - EXP30-C. Do not
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Expressions (EXP) - EXP37-C. Call f
Page 107 and 108:
Expressions (EXP) - EXP37-C. Call f
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Expressions (EXP) - EXP43-C. Avoid
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Integers (INT) - INT30-C. Ensure th
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Integers (INT) - INT34-C. Do not sh
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Integers (INT) - INT35-C. Use corre
Page 175 and 176:
Integers (INT) - INT36-C. Convertin
Page 177 and 178:
Integers (INT) - INT36-C. Convertin
Page 179 and 180:
Floating Point (FLP) - FLP30-C. Do
Page 181 and 182:
Page 183 and 184:
Floating Point (FLP) - FLP32-C. Pre
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Floating Point (FLP) - FLP34-C. Ens
Page 193 and 194:
Floating Point (FLP) - FLP34-C. Ens
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Array (ARR) - ARR30-C. Do not form
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Array (ARR) - ARR32-C. Ensure size
Page 211 and 212:
Array (ARR) - ARR32-C. Ensure size
Page 213 and 214:
Array (ARR) - ARR36-C. Do not subtr
Page 215 and 216:
Array (ARR) - ARR37-C. Do not add o
Page 217 and 218:
Page 219 and 220:
Array (ARR) - ARR38-C. Guarantee th
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Characters and Strings (STR) - STR3
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Memory Management (MEM) - MEM30-C.
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Input/Output (FIO) - FIO30-C. Exclu
Page 289 and 290:
Input/Output (FIO) - FIO30-C. Exclu
Page 291 and 292:
Input/Output (FIO) - FIO32-C. Do no
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Input/Output (FIO) - FIO34-C. Disti
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Input/Output (FIO) - FIO40-C. Reset
Page 313 and 314:
Page 315 and 316:
Input/Output (FIO) - FIO42-C. Close
Page 317 and 318:
Input/Output (FIO) - FIO42-C. Close
Page 319 and 320:
Input/Output (FIO) - FIO44-C. Only
Page 321 and 322:
Input/Output (FIO) - FIO45-C. Avoid
Page 323 and 324:
Input/Output (FIO) - FIO45-C. Avoid
Page 325 and 326:
Page 327 and 328:
Input/Output (FIO) - FIO47-C. Use v
Page 329 and 330:
Page 331 and 332:
Page 333 and 334:
Environment (ENV) - ENV30-C. Do not
Page 335 and 336:
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Environment (ENV) - ENV32-C. All ex
Page 345 and 346:
Environment (ENV) - ENV32-C. All ex
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358: Environment (ENV) - ENV34-C. Do not
Page 359 and 360: Signals (SIG) - SIG30-C. Call only
Page 369 and 370: Signals (SIG) - SIG31-C. Do not acc
Page 371 and 372: Signals (SIG) - SIG31-C. Do not acc
Page 373 and 374: Signals (SIG) - SIG34-C. Do not cal
Page 375 and 376: Signals (SIG) - SIG34-C. Do not cal
Page 377 and 378: Signals (SIG) - SIG35-C. Do not ret
Page 379 and 380: Signals (SIG) - SIG35-C. Do not ret
Page 381 and 382: Error Handling (ERR) - ERR30-C. Set
Page 387 and 388: Error Handling (ERR) - ERR32-C. Do
Page 393 and 394: Error Handling (ERR) - ERR33-C. Det
Page 407: Error Handling (ERR) - ERR33-C. Det
Page 411 and 412: Concurrency (CON) - CON30-C. Clean
Page 413 and 414: Concurrency (CON) - CON31-C. Do not
Page 417 and 418: Concurrency (CON) - CON32-C. Preven
Page 419 and 420: Concurrency (CON) - CON32-C. Preven
Page 421 and 422: Concurrency (CON) - CON33-C. Avoid
Page 425 and 426: Concurrency (CON) - CON34-C. Declar
Page 437 and 438: Concurrency (CON) - CON36-C. Wrap f
Page 443 and 444: Concurrency (CON) - CON38-C. Preser
Page 459 and 460:
Concurrency (CON) - CON41-C. Wrap f
Page 461 and 462:
Miscellaneous (MSC) - MSC30-C. Do n
Page 463 and 464:
Page 465 and 466:
Miscellaneous (MSC) - MSC32-C. Prop
Page 467 and 468:
Miscellaneous (MSC) - MSC32-C. Prop
Page 469 and 470:
Page 471 and 472:
Page 473 and 474:
Miscellaneous (MSC) - MSC37-C. Ensu
Page 475 and 476:
Miscellaneous (MSC) - MSC37-C. Ensu
Page 477 and 478:
Page 479 and 480:
Page 481 and 482:
Page 483 and 484:
Page 485 and 486:
Page 487 and 488:
Appendix A: Bibliography [Acton 200
Page 489 and 490:
[C++ Reference] Standard C Library,
Page 491 and 492:
[Graff 2003] Graff, Mark G. & Van W
Page 493 and 494:
[ISO/IEC 9899:1990] ISO/IEC. Progra
Page 495 and 496:
[ISO/IEC TS 17961] ISO/IEC. Informa
Page 497 and 498:
[Lipson 2006] Lipson, Howard. Evolu
Page 499 and 500:
[Murenin 2007] Murenin, Constantine
Page 501 and 502:
[Saks 2001a] Saks, Dan. “Symbolic
Page 503 and 504:
[Stevens 2005] Stevens, W. Richard.
Page 505 and 506:
[VU#649732] Gennari, Jeff. Vulnerab
Page 507 and 508:
Appendix B: Definitions abnormal en
Page 509 and 510:
error message A diagnostic message
Page 511 and 512:
mutilated value Result of an operat
Page 513 and 514:
strictly conforming A strictly conf
Page 515 and 516:
verification Confirmation by examin
Page 517 and 518:
UB Description Guideline 13 A trap
Page 519 and 520:
UB Description Guideline 46 Additio
Page 521 and 522:
UB Description Guideline 72 The def
Page 523 and 524:
UB Description Guideline 101 A file
Page 525 and 526:
UB Description Guideline 129 A sign
Page 527 and 528:
UB Description Guideline 154 The fo
Page 529 and 530:
UB Description Guideline 178 The al
Page 531 and 532:
Appendix D: Unspecified Behavior Ac
Page 533 and 534:
USB Description Guideline 30 The re
show all

SEI CERT C Coding Standard

Create successful ePaper yourself

Delete template?

Save as template?