[{"data":1,"prerenderedAt":6428},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr30-c":28,"surround-\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr30-c":4657,"sidebar-sei-cert-c-coding-standard":4665},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":41,"extension":4639,"meta":4640,"navigation":7,"path":4653,"seo":4654,"stem":4655,"__hash__":4656},"content\u002F4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F2.arr30-c.md","ARR30-C. Do not form or use out-of-bounds pointers or array subscripts",{"type":32,"value":33,"toc":4605},"minimark",[34,38,42,164,172,199,342,346,352,454,457,463,569,576,605,625,938,941,956,1154,1157,1164,1175,1193,1215,1231,1247,1481,1484,1500,1784,1791,1832,1980,1983,1989,2118,2125,2159,2464,2467,2470,2734,2741,2754,2900,2921,2950,2954,2960,3108,3112,3115,3175,3180,4111,4115,4128,4141,4145,4152,4281,4285,4291,4295,4298,4301,4304,4307,4310,4314,4317,4320,4324,4327,4329,4331,4334,4337,4342,4345,4350,4353,4358,4363,4367,4370,4372,4374,4377,4382,4385,4390,4395,4398,4403,4407,4410,4413,4418,4423,4427,4430,4434,4437,4440,4444,4447,4451,4454,4457,4461,4464,4469,4474,4478,4481,4484,4488,4578,4581,4601],[35,36,30],"h1",{"id":37},"arr30-c-do-not-form-or-use-out-of-bounds-pointers-or-array-subscripts",[39,40,41],"p",{},"The C Standard identifies the following distinct situations in which undefined behavior (UB) can arise as a result of invalid pointer operations:",[43,44,45,58],"table",{},[46,47,48],"thead",{},[49,50,51,54,56],"tr",{},[52,53],"th",{},[52,55],{},[52,57],{},[59,60,61,73,96,122,147],"tbody",{},[49,62,63,67,70],{},[64,65,66],"td",{},"UB",[64,68,69],{},"Description",[64,71,72],{},"Example Code",[49,74,75,82,85],{},[64,76,77],{},[78,79,81],"a",{"href":80},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fcc-undefined-behavior#CC.UndefinedBehavior-ub_43","43",[64,83,84],{},"Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that does not point into, or just beyond, the same array object.",[64,86,87,91,92],{},[78,88,90],{"href":89},"#ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-FormingOut-of-BoundsPointer","Forming Out-of-Bounds Pointer"," , ",[78,93,95],{"href":94},"#ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-ImproperScaling","Null Pointer Arithmetic",[49,97,98,104,112],{},[64,99,100],{},[78,101,103],{"href":102},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fcc-undefined-behavior#CC.UndefinedBehavior-ub_44","44",[64,105,106,107,111],{},"Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that points just beyond the array object and is used as the operand of a unary ",[108,109,110],"code",{},"*"," operator that is evaluated.",[64,113,114,91,118],{},[78,115,117],{"href":116},"#ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-DereferencingPasttheEndPointer","Dereferencing Past the End Pointer",[78,119,121],{"href":120},"#ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-UsingPasttheEndIndex","Using Past the End Index",[49,123,124,130,141],{},[64,125,126],{},[78,127,129],{"href":128},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fcc-undefined-behavior#CC.UndefinedBehavior-ub_46","46",[64,131,132,133,136,137,140],{},"An array subscript is out of range, even if an object is apparently accessible with the given subscript, for example, in the lvalue expression ",[108,134,135],{},"a[1][7]"," given the declaration ",[108,138,139],{},"       int a[4][5]      "," ).",[64,142,143],{},[78,144,146],{"href":145},"#ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-ApparentlyAccessibleOut-of-RangeIndex","Apparently Accessible Out-of-Range Index",[49,148,149,155,158],{},[64,150,151],{},[78,152,154],{"href":153},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fcc-undefined-behavior#CC.UndefinedBehavior-ub_59","59",[64,156,157],{},"An attempt is made to access, or generate a pointer to just past, a flexible array member of a structure when the referenced object provides no elements for that array.",[64,159,160],{},[78,161,163],{"href":162},"#ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-PointerPastFlexibleArrayMember","Pointer Past Flexible Array Member",[165,166,168,171],"h2",{"id":167},"noncompliant-code-example-forming-out-of-bounds-pointer",[78,169],{"id":170},"ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-FormingOut-of-BoundsPointer"," Noncompliant Code Example (Forming Out-of-Bounds Pointer)",[39,173,174,175,178,179,182,183,185,186,188,189,191,192,195,196,198],{},"In this noncompliant code example, the function ",[108,176,177],{},"f()"," attempts to validate the ",[108,180,181],{},"index"," before using it as an offset to the statically allocated ",[108,184,43],{}," of integers. However, the function fails to reject negative ",[108,187,181],{}," values. When ",[108,190,181],{}," is less than zero, the behavior of the addition expression in the return statement of the function is ",[78,193,194],{"href":80},"undefined behavior 43"," . On some implementations, the addition alone can trigger a hardware trap. On other implementations, the addition may produce a result that when dereferenced triggers a hardware trap. Other implementations still may produce a dereferenceable pointer that points to an object distinct from ",[108,197,43],{}," . Using such a pointer to access the object may lead to information exposure or cause the wrong object to be modified.",[200,201,203],"code-block",{"quality":202},"bad",[204,205,210],"pre",{"className":206,"code":207,"language":208,"meta":209,"style":209},"language-c shiki shiki-themes github-light github-dark monokai","enum { TABLESIZE = 100 };\n\nstatic int table[TABLESIZE];\n\nint *f(int index) {\n  if (index \u003C TABLESIZE) {\n    return table + index;\n  }\n  return NULL;\n}\n","c","",[108,211,212,236,242,258,263,288,303,318,324,336],{"__ignoreMap":209},[213,214,217,221,225,229,233],"span",{"class":215,"line":216},"line",1,[213,218,220],{"class":219},"sq6CD","enum",[213,222,224],{"class":223},"sMOD_"," { TABLESIZE ",[213,226,228],{"class":227},"sC2Qs","=",[213,230,232],{"class":231},"s7F3e"," 100",[213,234,235],{"class":223}," };\n",[213,237,239],{"class":215,"line":238},2,[213,240,241],{"emptyLinePlaceholder":7},"\n",[213,243,245,248,251,255],{"class":215,"line":244},3,[213,246,247],{"class":227},"static",[213,249,250],{"class":219}," int",[213,252,254],{"class":253},"sOrwc"," table",[213,256,257],{"class":223},"[TABLESIZE];\n",[213,259,261],{"class":215,"line":260},4,[213,262,241],{"emptyLinePlaceholder":7},[213,264,266,269,272,276,279,281,285],{"class":215,"line":265},5,[213,267,268],{"class":219},"int",[213,270,271],{"class":227}," *",[213,273,275],{"class":274},"srTi1","f",[213,277,278],{"class":223},"(",[213,280,268],{"class":219},[213,282,284],{"class":283},"sTHNf"," index",[213,286,287],{"class":223},") {\n",[213,289,291,294,297,300],{"class":215,"line":290},6,[213,292,293],{"class":227},"  if",[213,295,296],{"class":223}," (index ",[213,298,299],{"class":227},"\u003C",[213,301,302],{"class":223}," TABLESIZE) {\n",[213,304,306,309,312,315],{"class":215,"line":305},7,[213,307,308],{"class":227},"    return",[213,310,311],{"class":223}," table ",[213,313,314],{"class":227},"+",[213,316,317],{"class":223}," index;\n",[213,319,321],{"class":215,"line":320},8,[213,322,323],{"class":223},"  }\n",[213,325,327,330,333],{"class":215,"line":326},9,[213,328,329],{"class":227},"  return",[213,331,332],{"class":231}," NULL",[213,334,335],{"class":223},";\n",[213,337,339],{"class":215,"line":338},10,[213,340,341],{"class":223},"}\n",[165,343,345],{"id":344},"compliant-solution","Compliant Solution",[39,347,348,349,351],{},"One compliant solution is to detect and reject invalid values of ",[108,350,181],{}," if using them in pointer arithmetic would result in an invalid pointer:",[200,353,355],{"quality":354},"good",[204,356,358],{"className":206,"code":357,"language":208,"meta":209,"style":209},"enum { TABLESIZE = 100 };\n\nstatic int table[TABLESIZE];\n\nint *f(int index) {\n  if (index >= 0 && index \u003C TABLESIZE) {\n    return table + index;\n  }\n  return NULL;\n}\n",[108,359,360,372,376,386,390,406,428,438,442,450],{"__ignoreMap":209},[213,361,362,364,366,368,370],{"class":215,"line":216},[213,363,220],{"class":219},[213,365,224],{"class":223},[213,367,228],{"class":227},[213,369,232],{"class":231},[213,371,235],{"class":223},[213,373,374],{"class":215,"line":238},[213,375,241],{"emptyLinePlaceholder":7},[213,377,378,380,382,384],{"class":215,"line":244},[213,379,247],{"class":227},[213,381,250],{"class":219},[213,383,254],{"class":253},[213,385,257],{"class":223},[213,387,388],{"class":215,"line":260},[213,389,241],{"emptyLinePlaceholder":7},[213,391,392,394,396,398,400,402,404],{"class":215,"line":265},[213,393,268],{"class":219},[213,395,271],{"class":227},[213,397,275],{"class":274},[213,399,278],{"class":223},[213,401,268],{"class":219},[213,403,284],{"class":283},[213,405,287],{"class":223},[213,407,408,410,412,415,418,421,424,426],{"class":215,"line":290},[213,409,293],{"class":227},[213,411,296],{"class":223},[213,413,414],{"class":227},">=",[213,416,417],{"class":231}," 0",[213,419,420],{"class":227}," &&",[213,422,423],{"class":223}," index ",[213,425,299],{"class":227},[213,427,302],{"class":223},[213,429,430,432,434,436],{"class":215,"line":305},[213,431,308],{"class":227},[213,433,311],{"class":223},[213,435,314],{"class":227},[213,437,317],{"class":223},[213,439,440],{"class":215,"line":320},[213,441,323],{"class":223},[213,443,444,446,448],{"class":215,"line":326},[213,445,329],{"class":227},[213,447,332],{"class":231},[213,449,335],{"class":223},[213,451,452],{"class":215,"line":338},[213,453,341],{"class":223},[165,455,345],{"id":456},"compliant-solution-1",[39,458,459,460,462],{},"Another slightly simpler and potentially more efficient compliant solution is to use an unsigned type to avoid having to check for negative values while still rejecting out-of-bounds positive values of ",[108,461,181],{}," :",[200,464,465],{"quality":354},[204,466,468],{"className":206,"code":467,"language":208,"meta":209,"style":209},"#include \u003Cstddef.h>\n \nenum { TABLESIZE = 100 };\n\nstatic int table[TABLESIZE];\n\nint *f(size_t index) {\n  if (index \u003C TABLESIZE) {\n    return table + index;\n  }\n  return NULL;\n}\n",[108,469,470,479,484,496,500,510,514,531,541,551,555,564],{"__ignoreMap":209},[213,471,472,475],{"class":215,"line":216},[213,473,474],{"class":227},"#include",[213,476,478],{"class":477},"sstjo"," \u003Cstddef.h>\n",[213,480,481],{"class":215,"line":238},[213,482,483],{"class":223}," \n",[213,485,486,488,490,492,494],{"class":215,"line":244},[213,487,220],{"class":219},[213,489,224],{"class":223},[213,491,228],{"class":227},[213,493,232],{"class":231},[213,495,235],{"class":223},[213,497,498],{"class":215,"line":260},[213,499,241],{"emptyLinePlaceholder":7},[213,501,502,504,506,508],{"class":215,"line":265},[213,503,247],{"class":227},[213,505,250],{"class":219},[213,507,254],{"class":253},[213,509,257],{"class":223},[213,511,512],{"class":215,"line":290},[213,513,241],{"emptyLinePlaceholder":7},[213,515,516,518,520,522,524,527,529],{"class":215,"line":305},[213,517,268],{"class":219},[213,519,271],{"class":227},[213,521,275],{"class":274},[213,523,278],{"class":223},[213,525,526],{"class":219},"size_t",[213,528,284],{"class":283},[213,530,287],{"class":223},[213,532,533,535,537,539],{"class":215,"line":320},[213,534,293],{"class":227},[213,536,296],{"class":223},[213,538,299],{"class":227},[213,540,302],{"class":223},[213,542,543,545,547,549],{"class":215,"line":326},[213,544,308],{"class":227},[213,546,311],{"class":223},[213,548,314],{"class":227},[213,550,317],{"class":223},[213,552,553],{"class":215,"line":338},[213,554,323],{"class":223},[213,556,558,560,562],{"class":215,"line":557},11,[213,559,329],{"class":227},[213,561,332],{"class":231},[213,563,335],{"class":223},[213,565,567],{"class":215,"line":566},12,[213,568,341],{"class":223},[165,570,572,575],{"id":571},"noncompliant-code-example-dereferencing-past-the-end-pointer",[78,573],{"id":574},"ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-DereferencingPasttheEndPointer"," Noncompliant Code Example (Dereferencing Past-the-End Pointer)",[39,577,578,579,582,583,586,587,590,591,594,595,599,600,604],{},"This noncompliant code example shows the flawed logic in the Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface that was exploited by the W32.Blaster.Worm. The error is that the ",[108,580,581],{},"while"," loop in the ",[108,584,585],{},"GetMachineName()"," function (used to extract the host name from a longer string) is not sufficiently bounded. When the character array pointed to by ",[108,588,589],{},"pwszTemp"," does not contain the backslash character among the first ",[108,592,593],{},"  MAX_COMPUTERNAME_LENGTH_FQDN + 1 "," elements, the final valid iteration of the loop will dereference past the end pointer, resulting in exploitable ",[78,596,598],{"href":597},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fcc-undefined-behavior#CC.UndefinedBehavior-ub_47","undefined behavior 44"," . In this case, the actual exploit allowed the attacker to inject executable code into a running program. Economic damage from the Blaster worm has been estimated to be at least $525 million [ ",[78,601,603],{"href":602},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-Pethia03","Pethia 2003"," ].",[39,606,607,608,614,615,620,621,604],{},"For a discussion of this programming error in the Common Weakness Enumeration database, see ",[78,609,613],{"href":610,"rel":611},"http:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F119.html",[612],"nofollow","CWE-119"," , \"Improper Restriction of Operations within the Bounds of a Memory Buffer,\" and ",[78,616,619],{"href":617,"rel":618},"http:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F121.html",[612],"CWE-121"," , \"Stack-based Buffer Overflow\" [ ",[78,622,624],{"href":623},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-MITRE","MITRE 2013",[200,626,627],{"quality":202},[204,628,630],{"className":206,"code":629,"language":208,"meta":209,"style":209},"error_status_t _RemoteActivation(\n      \u002F* ... *\u002F, WCHAR *pwszObjectName, ... ) {\n   *phr = GetServerPath(\n              pwszObjectName, &pwszObjectName);\n    \u002F* ... *\u002F\n}\n\nHRESULT GetServerPath(\n  WCHAR *pwszPath, WCHAR **pwszServerPath ){\n  WCHAR *pwszFinalPath = pwszPath;\n  WCHAR wszMachineName[MAX_COMPUTERNAME_LENGTH_FQDN+1];\n  hr = GetMachineName(pwszPath, wszMachineName);\n  *pwszServerPath = pwszFinalPath;\n}\n\nHRESULT GetMachineName(\n  WCHAR *pwszPath,\n  WCHAR wszMachineName[MAX_COMPUTERNAME_LENGTH_FQDN+1])\n{\n  pwszServerName = wszMachineName;\n  LPWSTR pwszTemp = pwszPath + 2;\n  while (*pwszTemp != L'\\\\')\n    *pwszServerName++ = *pwszTemp++;\n  \u002F* ... *\u002F\n}\n",[108,631,632,644,661,676,687,692,696,700,710,731,745,763,776,790,795,800,810,822,838,844,855,873,904,927,933],{"__ignoreMap":209},[213,633,634,638,641],{"class":215,"line":216},[213,635,637],{"class":636},"s-m8C","error_status_t",[213,639,640],{"class":274}," _RemoteActivation",[213,642,643],{"class":223},"(\n",[213,645,646,650,653,655,658],{"class":215,"line":238},[213,647,649],{"class":648},"s8-w5","      \u002F* ... *\u002F",[213,651,652],{"class":223},", WCHAR ",[213,654,110],{"class":227},[213,656,657],{"class":283},"pwszObjectName",[213,659,660],{"class":223},", ... ) {\n",[213,662,663,666,669,671,674],{"class":215,"line":244},[213,664,665],{"class":227},"   *",[213,667,668],{"class":223},"phr ",[213,670,228],{"class":227},[213,672,673],{"class":274}," GetServerPath",[213,675,643],{"class":223},[213,677,678,681,684],{"class":215,"line":260},[213,679,680],{"class":223},"              pwszObjectName, ",[213,682,683],{"class":227},"&",[213,685,686],{"class":223},"pwszObjectName);\n",[213,688,689],{"class":215,"line":265},[213,690,691],{"class":648},"    \u002F* ... *\u002F\n",[213,693,694],{"class":215,"line":290},[213,695,341],{"class":223},[213,697,698],{"class":215,"line":305},[213,699,241],{"emptyLinePlaceholder":7},[213,701,702,705,708],{"class":215,"line":320},[213,703,704],{"class":223},"HRESULT ",[213,706,707],{"class":274},"GetServerPath",[213,709,643],{"class":223},[213,711,712,715,717,720,722,725,728],{"class":215,"line":326},[213,713,714],{"class":223},"  WCHAR ",[213,716,110],{"class":227},[213,718,719],{"class":283},"pwszPath",[213,721,652],{"class":223},[213,723,724],{"class":227},"**",[213,726,727],{"class":283},"pwszServerPath",[213,729,730],{"class":223}," ){\n",[213,732,733,735,737,740,742],{"class":215,"line":338},[213,734,714],{"class":223},[213,736,110],{"class":227},[213,738,739],{"class":223},"pwszFinalPath ",[213,741,228],{"class":227},[213,743,744],{"class":223}," pwszPath;\n",[213,746,747,749,752,755,757,760],{"class":215,"line":557},[213,748,714],{"class":223},[213,750,751],{"class":253},"wszMachineName",[213,753,754],{"class":223},"[MAX_COMPUTERNAME_LENGTH_FQDN",[213,756,314],{"class":227},[213,758,759],{"class":231},"1",[213,761,762],{"class":223},"];\n",[213,764,765,768,770,773],{"class":215,"line":566},[213,766,767],{"class":223},"  hr ",[213,769,228],{"class":227},[213,771,772],{"class":274}," GetMachineName",[213,774,775],{"class":223},"(pwszPath, wszMachineName);\n",[213,777,779,782,785,787],{"class":215,"line":778},13,[213,780,781],{"class":227},"  *",[213,783,784],{"class":223},"pwszServerPath ",[213,786,228],{"class":227},[213,788,789],{"class":223}," pwszFinalPath;\n",[213,791,793],{"class":215,"line":792},14,[213,794,341],{"class":223},[213,796,798],{"class":215,"line":797},15,[213,799,241],{"emptyLinePlaceholder":7},[213,801,803,805,808],{"class":215,"line":802},16,[213,804,704],{"class":223},[213,806,807],{"class":274},"GetMachineName",[213,809,643],{"class":223},[213,811,813,815,817,819],{"class":215,"line":812},17,[213,814,714],{"class":223},[213,816,110],{"class":227},[213,818,719],{"class":283},[213,820,821],{"class":223},",\n",[213,823,825,827,829,831,833,835],{"class":215,"line":824},18,[213,826,714],{"class":223},[213,828,751],{"class":253},[213,830,754],{"class":223},[213,832,314],{"class":227},[213,834,759],{"class":231},[213,836,837],{"class":223},"])\n",[213,839,841],{"class":215,"line":840},19,[213,842,843],{"class":223},"{\n",[213,845,847,850,852],{"class":215,"line":846},20,[213,848,849],{"class":223},"  pwszServerName ",[213,851,228],{"class":227},[213,853,854],{"class":223}," wszMachineName;\n",[213,856,858,861,863,866,868,871],{"class":215,"line":857},21,[213,859,860],{"class":223},"  LPWSTR pwszTemp ",[213,862,228],{"class":227},[213,864,865],{"class":223}," pwszPath ",[213,867,314],{"class":227},[213,869,870],{"class":231}," 2",[213,872,335],{"class":223},[213,874,876,879,882,884,887,890,893,896,899,901],{"class":215,"line":875},22,[213,877,878],{"class":227},"  while",[213,880,881],{"class":223}," (",[213,883,110],{"class":227},[213,885,886],{"class":223},"pwszTemp ",[213,888,889],{"class":227},"!=",[213,891,892],{"class":223}," L",[213,894,895],{"class":477},"'",[213,897,898],{"class":231},"\\\\",[213,900,895],{"class":477},[213,902,903],{"class":223},")\n",[213,905,907,910,913,916,919,921,923,925],{"class":215,"line":906},23,[213,908,909],{"class":227},"    *",[213,911,912],{"class":223},"pwszServerName",[213,914,915],{"class":227},"++",[213,917,918],{"class":227}," =",[213,920,271],{"class":227},[213,922,589],{"class":223},[213,924,915],{"class":227},[213,926,335],{"class":223},[213,928,930],{"class":215,"line":929},24,[213,931,932],{"class":648},"  \u002F* ... *\u002F\n",[213,934,936],{"class":215,"line":935},25,[213,937,341],{"class":223},[165,939,345],{"id":940},"compliant-solution-2",[39,942,943,944,582,946,948,949,952,953,955],{},"In this compliant solution, the ",[108,945,581],{},[108,947,585],{}," function is bounded so that the loop terminates when a backslash character is found, the null-termination character ( ",[108,950,951],{},"L'\\0'"," ) is discovered, or the end of the buffer is reached. Or, as coded, the while loop continues as long as each character is neither a backslash nor a null character and is not at the end of the buffer. This code does not result in a buffer overflow even if no backslash character is found in ",[108,954,751],{}," .",[200,957,958],{"quality":354},[204,959,961],{"className":206,"code":960,"language":208,"meta":209,"style":209},"HRESULT GetMachineName(\n  wchar_t *pwszPath,\n  wchar_t wszMachineName[MAX_COMPUTERNAME_LENGTH_FQDN+1])\n{\n  wchar_t *pwszServerName = wszMachineName;\n  wchar_t *pwszTemp = pwszPath + 2;\n  wchar_t *end_addr\n    = pwszServerName + MAX_COMPUTERNAME_LENGTH_FQDN;\n  while ((*pwszTemp != L'\\\\') &&\n         (*pwszTemp != L'\\0') &&\n         (pwszServerName \u003C end_addr))\n  {\n    *pwszServerName++ = *pwszTemp++;\n  }\n\n  \u002F* ... *\u002F\n}\n",[108,962,963,971,982,997,1001,1014,1032,1041,1054,1081,1105,1115,1120,1138,1142,1146,1150],{"__ignoreMap":209},[213,964,965,967,969],{"class":215,"line":216},[213,966,704],{"class":223},[213,968,807],{"class":274},[213,970,643],{"class":223},[213,972,973,976,978,980],{"class":215,"line":238},[213,974,975],{"class":636},"  wchar_t",[213,977,271],{"class":227},[213,979,719],{"class":283},[213,981,821],{"class":223},[213,983,984,986,989,991,993,995],{"class":215,"line":244},[213,985,975],{"class":636},[213,987,988],{"class":253}," wszMachineName",[213,990,754],{"class":223},[213,992,314],{"class":227},[213,994,759],{"class":231},[213,996,837],{"class":223},[213,998,999],{"class":215,"line":260},[213,1000,843],{"class":223},[213,1002,1003,1005,1007,1010,1012],{"class":215,"line":265},[213,1004,975],{"class":636},[213,1006,271],{"class":227},[213,1008,1009],{"class":223},"pwszServerName ",[213,1011,228],{"class":227},[213,1013,854],{"class":223},[213,1015,1016,1018,1020,1022,1024,1026,1028,1030],{"class":215,"line":290},[213,1017,975],{"class":636},[213,1019,271],{"class":227},[213,1021,886],{"class":223},[213,1023,228],{"class":227},[213,1025,865],{"class":223},[213,1027,314],{"class":227},[213,1029,870],{"class":231},[213,1031,335],{"class":223},[213,1033,1034,1036,1038],{"class":215,"line":305},[213,1035,975],{"class":636},[213,1037,271],{"class":227},[213,1039,1040],{"class":223},"end_addr\n",[213,1042,1043,1046,1049,1051],{"class":215,"line":320},[213,1044,1045],{"class":227},"    =",[213,1047,1048],{"class":223}," pwszServerName ",[213,1050,314],{"class":227},[213,1052,1053],{"class":223}," MAX_COMPUTERNAME_LENGTH_FQDN;\n",[213,1055,1056,1058,1061,1063,1065,1067,1069,1071,1073,1075,1078],{"class":215,"line":326},[213,1057,878],{"class":227},[213,1059,1060],{"class":223}," ((",[213,1062,110],{"class":227},[213,1064,886],{"class":223},[213,1066,889],{"class":227},[213,1068,892],{"class":223},[213,1070,895],{"class":477},[213,1072,898],{"class":231},[213,1074,895],{"class":477},[213,1076,1077],{"class":223},") ",[213,1079,1080],{"class":227},"&&\n",[213,1082,1083,1086,1088,1090,1092,1094,1096,1099,1101,1103],{"class":215,"line":338},[213,1084,1085],{"class":223},"         (",[213,1087,110],{"class":227},[213,1089,886],{"class":223},[213,1091,889],{"class":227},[213,1093,892],{"class":223},[213,1095,895],{"class":477},[213,1097,1098],{"class":231},"\\0",[213,1100,895],{"class":477},[213,1102,1077],{"class":223},[213,1104,1080],{"class":227},[213,1106,1107,1110,1112],{"class":215,"line":557},[213,1108,1109],{"class":223},"         (pwszServerName ",[213,1111,299],{"class":227},[213,1113,1114],{"class":223}," end_addr))\n",[213,1116,1117],{"class":215,"line":566},[213,1118,1119],{"class":223},"  {\n",[213,1121,1122,1124,1126,1128,1130,1132,1134,1136],{"class":215,"line":778},[213,1123,909],{"class":227},[213,1125,912],{"class":223},[213,1127,915],{"class":227},[213,1129,918],{"class":227},[213,1131,271],{"class":227},[213,1133,589],{"class":223},[213,1135,915],{"class":227},[213,1137,335],{"class":223},[213,1139,1140],{"class":215,"line":792},[213,1141,323],{"class":223},[213,1143,1144],{"class":215,"line":797},[213,1145,241],{"emptyLinePlaceholder":7},[213,1147,1148],{"class":215,"line":802},[213,1149,932],{"class":648},[213,1151,1152],{"class":215,"line":812},[213,1153,341],{"class":223},[39,1155,1156],{},"This compliant solution is for illustrative purposes and is not necessarily the solution implemented by Microsoft. This particular solution may not be correct because there is no guarantee that a backslash is found.",[165,1158,1160,1163],{"id":1159},"noncompliant-code-example-using-past-the-end-index",[78,1161],{"id":1162},"ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-UsingPasttheEndIndex"," Noncompliant Code Example (Using Past-the-End Index)",[39,1165,1166,1167,1170,1171,1174],{},"Similar to the ",[78,1168,1169],{"href":116},"dereferencing-past-the-end-pointer"," error, the function ",[108,1172,1173],{},"insert_in_table()"," in this noncompliant code example uses an otherwise valid index to attempt to store a value in an element just past the end of an array.",[39,1176,1177,1178,1181,1182,1184,1185,1188,1189,1192],{},"First, the function incorrectly validates the index ",[108,1179,1180],{},"pos"," against the size of the buffer. When ",[108,1183,1180],{}," is initially equal to ",[108,1186,1187],{},"size"," , the function attempts to store ",[108,1190,1191],{},"value"," in a memory location just past the end of the buffer.",[39,1194,1195,1196,1198,1199,1201,1202,1205,1206,1208,1209,1211,1212,1214],{},"Second, when the index is greater than ",[108,1197,1187],{}," , the function modifies ",[108,1200,1187],{}," before growing the size of the buffer. If the call to ",[108,1203,1204],{},"realloc()"," fails to increase the size of the buffer, the next call to the function with a value of ",[108,1207,1180],{}," equal to or greater than the original value of ",[108,1210,1187],{}," will again attempt to store ",[108,1213,1191],{}," in a memory location just past the end of the buffer or beyond.",[39,1216,1217,1218,1222,1223,1225,1226,1228,1229,955],{},"Third, the function violates ",[78,1219,1221],{"href":1220},"\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint30-c","INT30-C. Ensure that unsigned integer operations do not wrap"," , which could lead to wrapping when 1 is added to ",[108,1224,1180],{}," or when ",[108,1227,1187],{}," is multiplied by the size of ",[108,1230,268],{},[39,1232,607,1233,1238,1239,1244,1245,604],{},[78,1234,1237],{"href":1235,"rel":1236},"http:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F122.html",[612],"CWE-122"," , \"Heap-based Buffer Overflow,\" and ",[78,1240,1243],{"href":1241,"rel":1242},"http:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F129.html",[612],"CWE-129"," , \"Improper Validation of Array Index\" [ ",[78,1246,624],{"href":623},[200,1248,1249],{"quality":202},[204,1250,1252],{"className":206,"code":1251,"language":208,"meta":209,"style":209},"#include \u003Cstdlib.h>\n \nstatic int *table = NULL;\nstatic size_t size = 0;\n\nint insert_in_table(size_t pos, int value) {\n  if (size \u003C pos) {\n    int *tmp;\n    size = pos + 1;\n    tmp = (int *)realloc(table, sizeof(*table) * size);\n    if (tmp == NULL) {\n      return -1;   \u002F* Failure *\u002F\n    }\n    table = tmp;\n  }\n\n  table[pos] = value;\n  return 0;\n}\n",[108,1253,1254,1261,1265,1282,1298,1302,1326,1338,1348,1365,1402,1417,1433,1438,1448,1452,1456,1469,1477],{"__ignoreMap":209},[213,1255,1256,1258],{"class":215,"line":216},[213,1257,474],{"class":227},[213,1259,1260],{"class":477}," \u003Cstdlib.h>\n",[213,1262,1263],{"class":215,"line":238},[213,1264,483],{"class":223},[213,1266,1267,1269,1271,1273,1276,1278,1280],{"class":215,"line":244},[213,1268,247],{"class":227},[213,1270,250],{"class":219},[213,1272,271],{"class":227},[213,1274,1275],{"class":223},"table ",[213,1277,228],{"class":227},[213,1279,332],{"class":231},[213,1281,335],{"class":223},[213,1283,1284,1286,1289,1292,1294,1296],{"class":215,"line":260},[213,1285,247],{"class":227},[213,1287,1288],{"class":219}," size_t",[213,1290,1291],{"class":223}," size ",[213,1293,228],{"class":227},[213,1295,417],{"class":231},[213,1297,335],{"class":223},[213,1299,1300],{"class":215,"line":265},[213,1301,241],{"emptyLinePlaceholder":7},[213,1303,1304,1306,1309,1311,1313,1316,1319,1321,1324],{"class":215,"line":290},[213,1305,268],{"class":219},[213,1307,1308],{"class":274}," insert_in_table",[213,1310,278],{"class":223},[213,1312,526],{"class":219},[213,1314,1315],{"class":283}," pos",[213,1317,1318],{"class":223},", ",[213,1320,268],{"class":219},[213,1322,1323],{"class":283}," value",[213,1325,287],{"class":223},[213,1327,1328,1330,1333,1335],{"class":215,"line":305},[213,1329,293],{"class":227},[213,1331,1332],{"class":223}," (size ",[213,1334,299],{"class":227},[213,1336,1337],{"class":223}," pos) {\n",[213,1339,1340,1343,1345],{"class":215,"line":320},[213,1341,1342],{"class":219},"    int",[213,1344,271],{"class":227},[213,1346,1347],{"class":223},"tmp;\n",[213,1349,1350,1353,1355,1358,1360,1363],{"class":215,"line":326},[213,1351,1352],{"class":223},"    size ",[213,1354,228],{"class":227},[213,1356,1357],{"class":223}," pos ",[213,1359,314],{"class":227},[213,1361,1362],{"class":231}," 1",[213,1364,335],{"class":223},[213,1366,1367,1370,1372,1374,1376,1378,1381,1384,1387,1390,1392,1394,1397,1399],{"class":215,"line":338},[213,1368,1369],{"class":223},"    tmp ",[213,1371,228],{"class":227},[213,1373,881],{"class":223},[213,1375,268],{"class":219},[213,1377,271],{"class":227},[213,1379,1380],{"class":223},")",[213,1382,1383],{"class":274},"realloc",[213,1385,1386],{"class":223},"(table, ",[213,1388,1389],{"class":227},"sizeof",[213,1391,278],{"class":223},[213,1393,110],{"class":227},[213,1395,1396],{"class":223},"table) ",[213,1398,110],{"class":227},[213,1400,1401],{"class":223}," size);\n",[213,1403,1404,1407,1410,1413,1415],{"class":215,"line":557},[213,1405,1406],{"class":227},"    if",[213,1408,1409],{"class":223}," (tmp ",[213,1411,1412],{"class":227},"==",[213,1414,332],{"class":231},[213,1416,287],{"class":223},[213,1418,1419,1422,1425,1427,1430],{"class":215,"line":566},[213,1420,1421],{"class":227},"      return",[213,1423,1424],{"class":227}," -",[213,1426,759],{"class":231},[213,1428,1429],{"class":223},";",[213,1431,1432],{"class":648},"   \u002F* Failure *\u002F\n",[213,1434,1435],{"class":215,"line":778},[213,1436,1437],{"class":223},"    }\n",[213,1439,1440,1443,1445],{"class":215,"line":792},[213,1441,1442],{"class":223},"    table ",[213,1444,228],{"class":227},[213,1446,1447],{"class":223}," tmp;\n",[213,1449,1450],{"class":215,"line":797},[213,1451,323],{"class":223},[213,1453,1454],{"class":215,"line":802},[213,1455,241],{"emptyLinePlaceholder":7},[213,1457,1458,1461,1464,1466],{"class":215,"line":812},[213,1459,1460],{"class":253},"  table",[213,1462,1463],{"class":223},"[pos] ",[213,1465,228],{"class":227},[213,1467,1468],{"class":223}," value;\n",[213,1470,1471,1473,1475],{"class":215,"line":824},[213,1472,329],{"class":227},[213,1474,417],{"class":231},[213,1476,335],{"class":223},[213,1478,1479],{"class":215,"line":840},[213,1480,341],{"class":223},[165,1482,345],{"id":1483},"compliant-solution-3",[39,1485,1486,1487,1489,1490,1493,1494,1496,1497,1499],{},"This compliant solution correctly validates the index ",[108,1488,1180],{}," by using the ",[108,1491,1492],{},"\u003C="," relational operator, ensures the multiplication will not overflow, and avoids modifying ",[108,1495,1187],{}," until it has verified that the call to ",[108,1498,1204],{}," was successful:",[200,1501,1502],{"quality":354},[204,1503,1505],{"className":206,"code":1504,"language":208,"meta":209,"style":209},"#include \u003Cstdint.h>\n#include \u003Cstdlib.h>\n \nstatic int *table = NULL;\nstatic size_t size = 0;\n\nint insert_in_table(size_t pos, int value) {\n  if (size \u003C= pos) {\n    if ((SIZE_MAX - 1 \u003C pos) ||\n        ((pos + 1) > SIZE_MAX \u002F sizeof(*table))) {\n      return -1;\n    }\n \n    int *tmp = (int *)realloc(table, sizeof(*table) * (pos + 1));\n    if (tmp == NULL) {\n      return -1;\n    }\n    \u002F* Modify size only after realloc() succeeds *\u002F\n    size  = pos + 1;\n    table = tmp;\n  }\n\n  table[pos] = value;\n  return 0;\n}\n",[108,1506,1507,1514,1520,1524,1540,1554,1558,1578,1588,1609,1638,1648,1652,1657,1700,1712,1722,1726,1731,1746,1754,1758,1762,1772,1780],{"__ignoreMap":209},[213,1508,1509,1511],{"class":215,"line":216},[213,1510,474],{"class":227},[213,1512,1513],{"class":477}," \u003Cstdint.h>\n",[213,1515,1516,1518],{"class":215,"line":238},[213,1517,474],{"class":227},[213,1519,1260],{"class":477},[213,1521,1522],{"class":215,"line":244},[213,1523,483],{"class":223},[213,1525,1526,1528,1530,1532,1534,1536,1538],{"class":215,"line":260},[213,1527,247],{"class":227},[213,1529,250],{"class":219},[213,1531,271],{"class":227},[213,1533,1275],{"class":223},[213,1535,228],{"class":227},[213,1537,332],{"class":231},[213,1539,335],{"class":223},[213,1541,1542,1544,1546,1548,1550,1552],{"class":215,"line":265},[213,1543,247],{"class":227},[213,1545,1288],{"class":219},[213,1547,1291],{"class":223},[213,1549,228],{"class":227},[213,1551,417],{"class":231},[213,1553,335],{"class":223},[213,1555,1556],{"class":215,"line":290},[213,1557,241],{"emptyLinePlaceholder":7},[213,1559,1560,1562,1564,1566,1568,1570,1572,1574,1576],{"class":215,"line":305},[213,1561,268],{"class":219},[213,1563,1308],{"class":274},[213,1565,278],{"class":223},[213,1567,526],{"class":219},[213,1569,1315],{"class":283},[213,1571,1318],{"class":223},[213,1573,268],{"class":219},[213,1575,1323],{"class":283},[213,1577,287],{"class":223},[213,1579,1580,1582,1584,1586],{"class":215,"line":320},[213,1581,293],{"class":227},[213,1583,1332],{"class":223},[213,1585,1492],{"class":227},[213,1587,1337],{"class":223},[213,1589,1590,1592,1595,1598,1600,1603,1606],{"class":215,"line":326},[213,1591,1406],{"class":227},[213,1593,1594],{"class":223}," ((SIZE_MAX ",[213,1596,1597],{"class":227},"-",[213,1599,1362],{"class":231},[213,1601,1602],{"class":227}," \u003C",[213,1604,1605],{"class":223}," pos) ",[213,1607,1608],{"class":227},"||\n",[213,1610,1611,1614,1616,1618,1620,1623,1626,1628,1631,1633,1635],{"class":215,"line":338},[213,1612,1613],{"class":223},"        ((pos ",[213,1615,314],{"class":227},[213,1617,1362],{"class":231},[213,1619,1077],{"class":223},[213,1621,1622],{"class":227},">",[213,1624,1625],{"class":223}," SIZE_MAX ",[213,1627,6],{"class":227},[213,1629,1630],{"class":227}," sizeof",[213,1632,278],{"class":223},[213,1634,110],{"class":227},[213,1636,1637],{"class":223},"table))) {\n",[213,1639,1640,1642,1644,1646],{"class":215,"line":557},[213,1641,1421],{"class":227},[213,1643,1424],{"class":227},[213,1645,759],{"class":231},[213,1647,335],{"class":223},[213,1649,1650],{"class":215,"line":566},[213,1651,1437],{"class":223},[213,1653,1654],{"class":215,"line":778},[213,1655,1656],{"class":223}," \n",[213,1658,1659,1661,1663,1666,1668,1670,1672,1674,1676,1678,1680,1682,1684,1686,1688,1690,1693,1695,1697],{"class":215,"line":792},[213,1660,1342],{"class":219},[213,1662,271],{"class":227},[213,1664,1665],{"class":223},"tmp ",[213,1667,228],{"class":227},[213,1669,881],{"class":223},[213,1671,268],{"class":219},[213,1673,271],{"class":227},[213,1675,1380],{"class":223},[213,1677,1383],{"class":274},[213,1679,1386],{"class":223},[213,1681,1389],{"class":227},[213,1683,278],{"class":223},[213,1685,110],{"class":227},[213,1687,1396],{"class":223},[213,1689,110],{"class":227},[213,1691,1692],{"class":223}," (pos ",[213,1694,314],{"class":227},[213,1696,1362],{"class":231},[213,1698,1699],{"class":223},"));\n",[213,1701,1702,1704,1706,1708,1710],{"class":215,"line":797},[213,1703,1406],{"class":227},[213,1705,1409],{"class":223},[213,1707,1412],{"class":227},[213,1709,332],{"class":231},[213,1711,287],{"class":223},[213,1713,1714,1716,1718,1720],{"class":215,"line":802},[213,1715,1421],{"class":227},[213,1717,1424],{"class":227},[213,1719,759],{"class":231},[213,1721,335],{"class":223},[213,1723,1724],{"class":215,"line":812},[213,1725,1437],{"class":223},[213,1727,1728],{"class":215,"line":824},[213,1729,1730],{"class":648},"    \u002F* Modify size only after realloc() succeeds *\u002F\n",[213,1732,1733,1736,1738,1740,1742,1744],{"class":215,"line":840},[213,1734,1735],{"class":223},"    size  ",[213,1737,228],{"class":227},[213,1739,1357],{"class":223},[213,1741,314],{"class":227},[213,1743,1362],{"class":231},[213,1745,335],{"class":223},[213,1747,1748,1750,1752],{"class":215,"line":846},[213,1749,1442],{"class":223},[213,1751,228],{"class":227},[213,1753,1447],{"class":223},[213,1755,1756],{"class":215,"line":857},[213,1757,323],{"class":223},[213,1759,1760],{"class":215,"line":875},[213,1761,241],{"emptyLinePlaceholder":7},[213,1763,1764,1766,1768,1770],{"class":215,"line":906},[213,1765,1460],{"class":253},[213,1767,1463],{"class":223},[213,1769,228],{"class":227},[213,1771,1468],{"class":223},[213,1773,1774,1776,1778],{"class":215,"line":929},[213,1775,329],{"class":227},[213,1777,417],{"class":231},[213,1779,335],{"class":223},[213,1781,1782],{"class":215,"line":935},[213,1783,341],{"class":223},[165,1785,1787,1790],{"id":1786},"noncompliant-code-example-apparently-accessible-out-of-range-index",[78,1788],{"id":1789},"ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-ApparentlyAccessibleOut-of-RangeIndex"," Noncompliant Code Example (Apparently Accessible Out-of-Range Index)",[39,1792,1793,1794,1797,1798,1801,1802,1805,1806,1809,1810,1813,1814,1817,1818,1820,1821,1824,1825,1827,1828,955],{},"This noncompliant code example declares ",[108,1795,1796],{},"matrix"," to consist of 7 rows and 5 columns in row-major order. The function ",[108,1799,1800],{},"init_matrix"," iterates over all 35 elements in an attempt to initialize each to the value given by the function argument ",[108,1803,1804],{},"x"," . However, because multidimensional arrays are declared in C in row-major order, the function iterates over the elements in column-major order, and when the value of ",[108,1807,1808],{},"j"," reaches the value ",[108,1811,1812],{},"COLS"," during the first iteration of the outer loop, the function attempts to access element ",[108,1815,1816],{},"matrix[0][5]"," . Because the type of ",[108,1819,1796],{}," is ",[108,1822,1823],{},"int[7][5]"," , the ",[108,1826,1808],{}," subscript is out of range, and the access has ",[78,1829,1831],{"href":1830},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fcc-undefined-behavior#CC.UndefinedBehavior-ub_49","undefined behavior 46",[200,1833,1834],{"quality":202},[204,1835,1837],{"className":206,"code":1836,"language":208,"meta":209,"style":209},"#include \u003Cstddef.h>\n#define COLS 5\n#define ROWS 7\nstatic int matrix[ROWS][COLS];\n\nvoid init_matrix(int x) {\n  for (size_t i = 0; i \u003C COLS; i++) {\n    for (size_t j = 0; j \u003C ROWS; j++) {\n      matrix[i][j] = x;\n    }\n  }\n}\n",[108,1838,1839,1845,1856,1866,1878,1882,1899,1927,1955,1968,1972,1976],{"__ignoreMap":209},[213,1840,1841,1843],{"class":215,"line":216},[213,1842,474],{"class":227},[213,1844,478],{"class":477},[213,1846,1847,1850,1853],{"class":215,"line":238},[213,1848,1849],{"class":227},"#define",[213,1851,1852],{"class":274}," COLS",[213,1854,1855],{"class":231}," 5\n",[213,1857,1858,1860,1863],{"class":215,"line":244},[213,1859,1849],{"class":227},[213,1861,1862],{"class":274}," ROWS",[213,1864,1865],{"class":231}," 7\n",[213,1867,1868,1870,1872,1875],{"class":215,"line":260},[213,1869,247],{"class":227},[213,1871,250],{"class":219},[213,1873,1874],{"class":253}," matrix",[213,1876,1877],{"class":223},"[ROWS][COLS];\n",[213,1879,1880],{"class":215,"line":265},[213,1881,241],{"emptyLinePlaceholder":7},[213,1883,1884,1887,1890,1892,1894,1897],{"class":215,"line":290},[213,1885,1886],{"class":219},"void",[213,1888,1889],{"class":274}," init_matrix",[213,1891,278],{"class":223},[213,1893,268],{"class":219},[213,1895,1896],{"class":283}," x",[213,1898,287],{"class":223},[213,1900,1901,1904,1906,1908,1911,1913,1915,1918,1920,1923,1925],{"class":215,"line":305},[213,1902,1903],{"class":227},"  for",[213,1905,881],{"class":223},[213,1907,526],{"class":219},[213,1909,1910],{"class":223}," i ",[213,1912,228],{"class":227},[213,1914,417],{"class":231},[213,1916,1917],{"class":223},"; i ",[213,1919,299],{"class":227},[213,1921,1922],{"class":223}," COLS; i",[213,1924,915],{"class":227},[213,1926,287],{"class":223},[213,1928,1929,1932,1934,1936,1939,1941,1943,1946,1948,1951,1953],{"class":215,"line":320},[213,1930,1931],{"class":227},"    for",[213,1933,881],{"class":223},[213,1935,526],{"class":219},[213,1937,1938],{"class":223}," j ",[213,1940,228],{"class":227},[213,1942,417],{"class":231},[213,1944,1945],{"class":223},"; j ",[213,1947,299],{"class":227},[213,1949,1950],{"class":223}," ROWS; j",[213,1952,915],{"class":227},[213,1954,287],{"class":223},[213,1956,1957,1960,1963,1965],{"class":215,"line":326},[213,1958,1959],{"class":253},"      matrix",[213,1961,1962],{"class":223},"[i][j] ",[213,1964,228],{"class":227},[213,1966,1967],{"class":223}," x;\n",[213,1969,1970],{"class":215,"line":338},[213,1971,1437],{"class":223},[213,1973,1974],{"class":215,"line":557},[213,1975,323],{"class":223},[213,1977,1978],{"class":215,"line":566},[213,1979,341],{"class":223},[165,1981,345],{"id":1982},"compliant-solution-4",[39,1984,1985,1986,1988],{},"This compliant solution avoids using out-of-range indices by initializing ",[108,1987,1796],{}," elements in the same row-major order as multidimensional objects are declared in C:",[200,1990,1991],{"quality":354},[204,1992,1994],{"className":206,"code":1993,"language":208,"meta":209,"style":209},"#include \u003Cstddef.h>\n#define COLS 5\n#define ROWS 7\nstatic int matrix[ROWS][COLS];\n\nvoid init_matrix(int x) {\n  for (size_t i = 0; i \u003C ROWS; i++) {\n    for (size_t j = 0; j \u003C COLS; j++) {\n      matrix[i][j] = x;\n    }\n  }\n}\n",[108,1995,1996,2002,2010,2018,2028,2032,2046,2071,2096,2106,2110,2114],{"__ignoreMap":209},[213,1997,1998,2000],{"class":215,"line":216},[213,1999,474],{"class":227},[213,2001,478],{"class":477},[213,2003,2004,2006,2008],{"class":215,"line":238},[213,2005,1849],{"class":227},[213,2007,1852],{"class":274},[213,2009,1855],{"class":231},[213,2011,2012,2014,2016],{"class":215,"line":244},[213,2013,1849],{"class":227},[213,2015,1862],{"class":274},[213,2017,1865],{"class":231},[213,2019,2020,2022,2024,2026],{"class":215,"line":260},[213,2021,247],{"class":227},[213,2023,250],{"class":219},[213,2025,1874],{"class":253},[213,2027,1877],{"class":223},[213,2029,2030],{"class":215,"line":265},[213,2031,241],{"emptyLinePlaceholder":7},[213,2033,2034,2036,2038,2040,2042,2044],{"class":215,"line":290},[213,2035,1886],{"class":219},[213,2037,1889],{"class":274},[213,2039,278],{"class":223},[213,2041,268],{"class":219},[213,2043,1896],{"class":283},[213,2045,287],{"class":223},[213,2047,2048,2050,2052,2054,2056,2058,2060,2062,2064,2067,2069],{"class":215,"line":305},[213,2049,1903],{"class":227},[213,2051,881],{"class":223},[213,2053,526],{"class":219},[213,2055,1910],{"class":223},[213,2057,228],{"class":227},[213,2059,417],{"class":231},[213,2061,1917],{"class":223},[213,2063,299],{"class":227},[213,2065,2066],{"class":223}," ROWS; i",[213,2068,915],{"class":227},[213,2070,287],{"class":223},[213,2072,2073,2075,2077,2079,2081,2083,2085,2087,2089,2092,2094],{"class":215,"line":320},[213,2074,1931],{"class":227},[213,2076,881],{"class":223},[213,2078,526],{"class":219},[213,2080,1938],{"class":223},[213,2082,228],{"class":227},[213,2084,417],{"class":231},[213,2086,1945],{"class":223},[213,2088,299],{"class":227},[213,2090,2091],{"class":223}," COLS; j",[213,2093,915],{"class":227},[213,2095,287],{"class":223},[213,2097,2098,2100,2102,2104],{"class":215,"line":326},[213,2099,1959],{"class":253},[213,2101,1962],{"class":223},[213,2103,228],{"class":227},[213,2105,1967],{"class":223},[213,2107,2108],{"class":215,"line":338},[213,2109,1437],{"class":223},[213,2111,2112],{"class":215,"line":557},[213,2113,323],{"class":223},[213,2115,2116],{"class":215,"line":566},[213,2117,341],{"class":223},[165,2119,2121,2124],{"id":2120},"noncompliant-code-example-pointer-past-flexible-array-member",[78,2122],{"id":2123},"ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-PointerPastFlexibleArrayMember"," Noncompliant Code Example (Pointer Past Flexible Array Member)",[39,2126,174,2127,2130,2131,2134,2135,2138,2139,2142,2143,2145,2146,2148,2149,2153,2154,2158],{},[108,2128,2129],{},"find()"," attempts to iterate over the elements of the flexible array member ",[108,2132,2133],{},"buf"," , starting with the second element. However, because function ",[108,2136,2137],{},"g()"," does not allocate any storage for the member, the expression ",[108,2140,2141],{},"first++"," in ",[108,2144,2129],{}," attempts to form a pointer just past the end of ",[108,2147,2133],{}," when there are no elements. This attempt is ",[78,2150,2152],{"href":2151},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fcc-undefined-behavior#CC.UndefinedBehavior-ub_","undefined behavior 59"," . (See ",[78,2155,2157],{"href":2156},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc21-c","MSC21-C. Use robust loop termination conditions"," for more information.)",[200,2160,2161],{"quality":202},[204,2162,2164],{"className":206,"code":2163,"language":208,"meta":209,"style":209},"#include \u003Cstdlib.h>\n \nstruct S {\n  size_t len;\n  char buf[];  \u002F* Flexible array member *\u002F\n};\n\nconst char *find(const struct S *s, int c) {\n  const char *first = s->buf;\n  const char *last  = s->buf + s->len;\n\n  while (first++ != last) { \u002F* Undefined behavior *\u002F\n    if (*first == c) {\n      return first;\n    }\n  }\n  return NULL;\n}\n \nvoid g(void) {\n  struct S *s = (struct S *)malloc(sizeof(struct S));\n  if (s == NULL) {\n    \u002F* Handle error *\u002F\n  }\n  s->len = 0;\n  find(s, 'a');\n}\n",[108,2165,2166,2172,2176,2184,2192,2208,2213,2217,2254,2271,2292,2296,2314,2329,2336,2340,2344,2352,2356,2360,2373,2411,2424,2429,2433,2444,2459],{"__ignoreMap":209},[213,2167,2168,2170],{"class":215,"line":216},[213,2169,474],{"class":227},[213,2171,1260],{"class":477},[213,2173,2174],{"class":215,"line":238},[213,2175,483],{"class":223},[213,2177,2178,2181],{"class":215,"line":244},[213,2179,2180],{"class":219},"struct",[213,2182,2183],{"class":223}," S {\n",[213,2185,2186,2189],{"class":215,"line":260},[213,2187,2188],{"class":219},"  size_t",[213,2190,2191],{"class":223}," len;\n",[213,2193,2194,2197,2200,2203,2205],{"class":215,"line":265},[213,2195,2196],{"class":219},"  char",[213,2198,2199],{"class":223}," buf",[213,2201,2202],{"class":227},"[]",[213,2204,1429],{"class":223},[213,2206,2207],{"class":648},"  \u002F* Flexible array member *\u002F\n",[213,2209,2210],{"class":215,"line":290},[213,2211,2212],{"class":223},"};\n",[213,2214,2215],{"class":215,"line":305},[213,2216,241],{"emptyLinePlaceholder":7},[213,2218,2219,2222,2225,2227,2230,2232,2234,2237,2240,2242,2245,2247,2249,2252],{"class":215,"line":320},[213,2220,2221],{"class":227},"const",[213,2223,2224],{"class":219}," char",[213,2226,271],{"class":227},[213,2228,2229],{"class":274},"find",[213,2231,278],{"class":223},[213,2233,2221],{"class":227},[213,2235,2236],{"class":219}," struct",[213,2238,2239],{"class":223}," S ",[213,2241,110],{"class":227},[213,2243,2244],{"class":283},"s",[213,2246,1318],{"class":223},[213,2248,268],{"class":219},[213,2250,2251],{"class":283}," c",[213,2253,287],{"class":223},[213,2255,2256,2259,2261,2263,2266,2268],{"class":215,"line":326},[213,2257,2258],{"class":227},"  const",[213,2260,2224],{"class":219},[213,2262,271],{"class":227},[213,2264,2265],{"class":223},"first ",[213,2267,228],{"class":227},[213,2269,2270],{"class":223}," s->buf;\n",[213,2272,2273,2275,2277,2279,2282,2284,2287,2289],{"class":215,"line":338},[213,2274,2258],{"class":227},[213,2276,2224],{"class":219},[213,2278,271],{"class":227},[213,2280,2281],{"class":223},"last  ",[213,2283,228],{"class":227},[213,2285,2286],{"class":223}," s->buf ",[213,2288,314],{"class":227},[213,2290,2291],{"class":223}," s->len;\n",[213,2293,2294],{"class":215,"line":557},[213,2295,241],{"emptyLinePlaceholder":7},[213,2297,2298,2300,2303,2305,2308,2311],{"class":215,"line":566},[213,2299,878],{"class":227},[213,2301,2302],{"class":223}," (first",[213,2304,915],{"class":227},[213,2306,2307],{"class":227}," !=",[213,2309,2310],{"class":223}," last) {",[213,2312,2313],{"class":648}," \u002F* Undefined behavior *\u002F\n",[213,2315,2316,2318,2320,2322,2324,2326],{"class":215,"line":778},[213,2317,1406],{"class":227},[213,2319,881],{"class":223},[213,2321,110],{"class":227},[213,2323,2265],{"class":223},[213,2325,1412],{"class":227},[213,2327,2328],{"class":223}," c) {\n",[213,2330,2331,2333],{"class":215,"line":792},[213,2332,1421],{"class":227},[213,2334,2335],{"class":223}," first;\n",[213,2337,2338],{"class":215,"line":797},[213,2339,1437],{"class":223},[213,2341,2342],{"class":215,"line":802},[213,2343,323],{"class":223},[213,2345,2346,2348,2350],{"class":215,"line":812},[213,2347,329],{"class":227},[213,2349,332],{"class":231},[213,2351,335],{"class":223},[213,2353,2354],{"class":215,"line":824},[213,2355,341],{"class":223},[213,2357,2358],{"class":215,"line":840},[213,2359,483],{"class":223},[213,2361,2362,2364,2367,2369,2371],{"class":215,"line":846},[213,2363,1886],{"class":219},[213,2365,2366],{"class":274}," g",[213,2368,278],{"class":223},[213,2370,1886],{"class":219},[213,2372,287],{"class":223},[213,2374,2375,2378,2380,2382,2385,2387,2389,2391,2393,2395,2397,2400,2402,2404,2406,2408],{"class":215,"line":857},[213,2376,2377],{"class":219},"  struct",[213,2379,2239],{"class":223},[213,2381,110],{"class":227},[213,2383,2384],{"class":223},"s ",[213,2386,228],{"class":227},[213,2388,881],{"class":223},[213,2390,2180],{"class":219},[213,2392,2239],{"class":223},[213,2394,110],{"class":227},[213,2396,1380],{"class":223},[213,2398,2399],{"class":274},"malloc",[213,2401,278],{"class":223},[213,2403,1389],{"class":227},[213,2405,278],{"class":223},[213,2407,2180],{"class":219},[213,2409,2410],{"class":223}," S));\n",[213,2412,2413,2415,2418,2420,2422],{"class":215,"line":875},[213,2414,293],{"class":227},[213,2416,2417],{"class":223}," (s ",[213,2419,1412],{"class":227},[213,2421,332],{"class":231},[213,2423,287],{"class":223},[213,2425,2426],{"class":215,"line":906},[213,2427,2428],{"class":648},"    \u002F* Handle error *\u002F\n",[213,2430,2431],{"class":215,"line":929},[213,2432,323],{"class":223},[213,2434,2435,2438,2440,2442],{"class":215,"line":935},[213,2436,2437],{"class":223},"  s->len ",[213,2439,228],{"class":227},[213,2441,417],{"class":231},[213,2443,335],{"class":223},[213,2445,2447,2450,2453,2456],{"class":215,"line":2446},26,[213,2448,2449],{"class":274},"  find",[213,2451,2452],{"class":223},"(s, ",[213,2454,2455],{"class":477},"'a'",[213,2457,2458],{"class":223},");\n",[213,2460,2462],{"class":215,"line":2461},27,[213,2463,341],{"class":223},[165,2465,345],{"id":2466},"compliant-solution-5",[39,2468,2469],{},"This compliant solution avoids incrementing the pointer unless a value past the pointer's current value is known to exist:",[200,2471,2472],{"quality":354},[204,2473,2475],{"className":206,"code":2474,"language":208,"meta":209,"style":209},"#include \u003Cstdlib.h>\n \nstruct S {\n  size_t len;\n  char buf[];  \u002F* Flexible array member *\u002F\n};\n\nconst char *find(const struct S *s, int c) {\n  const char *first = s->buf;\n  const char *last  = s->buf + s->len;\n\n  while (first != last) { \u002F* Avoid incrementing here *\u002F\n    if (*++first == c) {\n      return first;\n    }\n  }\n  return NULL;\n}\n \nvoid g(void) {\n  struct S *s = (struct S *)malloc(sizeof(struct S));\n  if (s == NULL) {\n    \u002F* Handle error *\u002F\n  }\n  s->len = 0;\n  find(s, 'a');\n}\n",[108,2476,2477,2483,2487,2493,2499,2511,2515,2519,2549,2563,2581,2585,2599,2614,2620,2624,2628,2636,2640,2644,2656,2690,2702,2706,2710,2720,2730],{"__ignoreMap":209},[213,2478,2479,2481],{"class":215,"line":216},[213,2480,474],{"class":227},[213,2482,1260],{"class":477},[213,2484,2485],{"class":215,"line":238},[213,2486,483],{"class":223},[213,2488,2489,2491],{"class":215,"line":244},[213,2490,2180],{"class":219},[213,2492,2183],{"class":223},[213,2494,2495,2497],{"class":215,"line":260},[213,2496,2188],{"class":219},[213,2498,2191],{"class":223},[213,2500,2501,2503,2505,2507,2509],{"class":215,"line":265},[213,2502,2196],{"class":219},[213,2504,2199],{"class":223},[213,2506,2202],{"class":227},[213,2508,1429],{"class":223},[213,2510,2207],{"class":648},[213,2512,2513],{"class":215,"line":290},[213,2514,2212],{"class":223},[213,2516,2517],{"class":215,"line":305},[213,2518,241],{"emptyLinePlaceholder":7},[213,2520,2521,2523,2525,2527,2529,2531,2533,2535,2537,2539,2541,2543,2545,2547],{"class":215,"line":320},[213,2522,2221],{"class":227},[213,2524,2224],{"class":219},[213,2526,271],{"class":227},[213,2528,2229],{"class":274},[213,2530,278],{"class":223},[213,2532,2221],{"class":227},[213,2534,2236],{"class":219},[213,2536,2239],{"class":223},[213,2538,110],{"class":227},[213,2540,2244],{"class":283},[213,2542,1318],{"class":223},[213,2544,268],{"class":219},[213,2546,2251],{"class":283},[213,2548,287],{"class":223},[213,2550,2551,2553,2555,2557,2559,2561],{"class":215,"line":326},[213,2552,2258],{"class":227},[213,2554,2224],{"class":219},[213,2556,271],{"class":227},[213,2558,2265],{"class":223},[213,2560,228],{"class":227},[213,2562,2270],{"class":223},[213,2564,2565,2567,2569,2571,2573,2575,2577,2579],{"class":215,"line":338},[213,2566,2258],{"class":227},[213,2568,2224],{"class":219},[213,2570,271],{"class":227},[213,2572,2281],{"class":223},[213,2574,228],{"class":227},[213,2576,2286],{"class":223},[213,2578,314],{"class":227},[213,2580,2291],{"class":223},[213,2582,2583],{"class":215,"line":557},[213,2584,241],{"emptyLinePlaceholder":7},[213,2586,2587,2589,2592,2594,2596],{"class":215,"line":566},[213,2588,878],{"class":227},[213,2590,2591],{"class":223}," (first ",[213,2593,889],{"class":227},[213,2595,2310],{"class":223},[213,2597,2598],{"class":648}," \u002F* Avoid incrementing here *\u002F\n",[213,2600,2601,2603,2605,2608,2610,2612],{"class":215,"line":778},[213,2602,1406],{"class":227},[213,2604,881],{"class":223},[213,2606,2607],{"class":227},"*++",[213,2609,2265],{"class":223},[213,2611,1412],{"class":227},[213,2613,2328],{"class":223},[213,2615,2616,2618],{"class":215,"line":792},[213,2617,1421],{"class":227},[213,2619,2335],{"class":223},[213,2621,2622],{"class":215,"line":797},[213,2623,1437],{"class":223},[213,2625,2626],{"class":215,"line":802},[213,2627,323],{"class":223},[213,2629,2630,2632,2634],{"class":215,"line":812},[213,2631,329],{"class":227},[213,2633,332],{"class":231},[213,2635,335],{"class":223},[213,2637,2638],{"class":215,"line":824},[213,2639,341],{"class":223},[213,2641,2642],{"class":215,"line":840},[213,2643,483],{"class":223},[213,2645,2646,2648,2650,2652,2654],{"class":215,"line":846},[213,2647,1886],{"class":219},[213,2649,2366],{"class":274},[213,2651,278],{"class":223},[213,2653,1886],{"class":219},[213,2655,287],{"class":223},[213,2657,2658,2660,2662,2664,2666,2668,2670,2672,2674,2676,2678,2680,2682,2684,2686,2688],{"class":215,"line":857},[213,2659,2377],{"class":219},[213,2661,2239],{"class":223},[213,2663,110],{"class":227},[213,2665,2384],{"class":223},[213,2667,228],{"class":227},[213,2669,881],{"class":223},[213,2671,2180],{"class":219},[213,2673,2239],{"class":223},[213,2675,110],{"class":227},[213,2677,1380],{"class":223},[213,2679,2399],{"class":274},[213,2681,278],{"class":223},[213,2683,1389],{"class":227},[213,2685,278],{"class":223},[213,2687,2180],{"class":219},[213,2689,2410],{"class":223},[213,2691,2692,2694,2696,2698,2700],{"class":215,"line":875},[213,2693,293],{"class":227},[213,2695,2417],{"class":223},[213,2697,1412],{"class":227},[213,2699,332],{"class":231},[213,2701,287],{"class":223},[213,2703,2704],{"class":215,"line":906},[213,2705,2428],{"class":648},[213,2707,2708],{"class":215,"line":929},[213,2709,323],{"class":223},[213,2711,2712,2714,2716,2718],{"class":215,"line":935},[213,2713,2437],{"class":223},[213,2715,228],{"class":227},[213,2717,417],{"class":231},[213,2719,335],{"class":223},[213,2721,2722,2724,2726,2728],{"class":215,"line":2446},[213,2723,2449],{"class":274},[213,2725,2452],{"class":223},[213,2727,2455],{"class":477},[213,2729,2458],{"class":223},[213,2731,2732],{"class":215,"line":2461},[213,2733,341],{"class":223},[165,2735,2737,2740],{"id":2736},"noncompliant-code-example-null-pointer-arithmetic",[78,2738],{"id":2739},"ARR30C.Donotformoruseoutofboundspointersorarraysubscripts-NullPointerArithmetic"," Noncompliant Code Example (Null Pointer Arithmetic)",[39,2742,2743,2744,2749,2750,2753],{},"This noncompliant code example is similar to an ",[78,2745,2748],{"href":2746,"rel":2747},"http:\u002F\u002Fwww.iss.net\u002Fthreats\u002F289.html",[612],"Adobe Flash Player vulnerability"," that was first exploited in 2008. This code allocates a block of memory and initializes it with some data. The data does not belong at the beginning of the block, which is left uninitialized. Instead, it is placed ",[108,2751,2752],{},"offset"," bytes within the block. The function ensures that the data fits within the allocated block.",[200,2755,2756],{"quality":202},[204,2757,2759],{"className":206,"code":2758,"language":208,"meta":209,"style":209},"#include \u003Cstring.h>\n#include \u003Cstdlib.h>\n\nchar *init_block(size_t block_size, size_t offset,\n                 char *data, size_t data_size) {\n  char *buffer = malloc(block_size);\n  if (data_size > block_size || block_size - data_size \u003C offset) {\n    \u002F* Data won't fit in buffer, handle error *\u002F\n  }\n  memcpy(buffer + offset, data, data_size);\n  return buffer;\n}\n",[108,2760,2761,2768,2774,2778,2804,2823,2840,2867,2872,2876,2889,2896],{"__ignoreMap":209},[213,2762,2763,2765],{"class":215,"line":216},[213,2764,474],{"class":227},[213,2766,2767],{"class":477}," \u003Cstring.h>\n",[213,2769,2770,2772],{"class":215,"line":238},[213,2771,474],{"class":227},[213,2773,1260],{"class":477},[213,2775,2776],{"class":215,"line":244},[213,2777,241],{"emptyLinePlaceholder":7},[213,2779,2780,2783,2785,2788,2790,2792,2795,2797,2799,2802],{"class":215,"line":260},[213,2781,2782],{"class":219},"char",[213,2784,271],{"class":227},[213,2786,2787],{"class":274},"init_block",[213,2789,278],{"class":223},[213,2791,526],{"class":219},[213,2793,2794],{"class":283}," block_size",[213,2796,1318],{"class":223},[213,2798,526],{"class":219},[213,2800,2801],{"class":283}," offset",[213,2803,821],{"class":223},[213,2805,2806,2809,2811,2814,2816,2818,2821],{"class":215,"line":265},[213,2807,2808],{"class":219},"                 char",[213,2810,271],{"class":227},[213,2812,2813],{"class":283},"data",[213,2815,1318],{"class":223},[213,2817,526],{"class":219},[213,2819,2820],{"class":283}," data_size",[213,2822,287],{"class":223},[213,2824,2825,2827,2829,2832,2834,2837],{"class":215,"line":290},[213,2826,2196],{"class":219},[213,2828,271],{"class":227},[213,2830,2831],{"class":223},"buffer ",[213,2833,228],{"class":227},[213,2835,2836],{"class":274}," malloc",[213,2838,2839],{"class":223},"(block_size);\n",[213,2841,2842,2844,2847,2849,2852,2855,2857,2859,2862,2864],{"class":215,"line":305},[213,2843,293],{"class":227},[213,2845,2846],{"class":223}," (data_size ",[213,2848,1622],{"class":227},[213,2850,2851],{"class":223}," block_size ",[213,2853,2854],{"class":227},"||",[213,2856,2851],{"class":223},[213,2858,1597],{"class":227},[213,2860,2861],{"class":223}," data_size ",[213,2863,299],{"class":227},[213,2865,2866],{"class":223}," offset) {\n",[213,2868,2869],{"class":215,"line":320},[213,2870,2871],{"class":648},"    \u002F* Data won't fit in buffer, handle error *\u002F\n",[213,2873,2874],{"class":215,"line":326},[213,2875,323],{"class":223},[213,2877,2878,2881,2884,2886],{"class":215,"line":338},[213,2879,2880],{"class":274},"  memcpy",[213,2882,2883],{"class":223},"(buffer ",[213,2885,314],{"class":227},[213,2887,2888],{"class":223}," offset, data, data_size);\n",[213,2890,2891,2893],{"class":215,"line":557},[213,2892,329],{"class":227},[213,2894,2895],{"class":223}," buffer;\n",[213,2897,2898],{"class":215,"line":566},[213,2899,341],{"class":223},[39,2901,2902,2903,2907,2908,2911,2912,2914,2915,2918,2919,955],{},"This function fails to check if the allocation succeeds, which is a violation of ",[78,2904,2906],{"href":2905},"\u002Fsei-cert-c-coding-standard\u002Frules\u002Ferror-handling-err\u002Ferr33-c","ERR33-C. Detect and handle standard library errors"," . If the allocation fails, then ",[108,2909,2910],{},"malloc()"," returns a null pointer. The null pointer is added to ",[108,2913,2752],{}," and passed as the destination argument to ",[108,2916,2917],{},"memcpy()"," . Because a null pointer does not point to a valid object, the result of the pointer arithmetic is ",[78,2920,194],{"href":80},[39,2922,2923,2924,2927,2928,2930,2931,2933,2934,2936,2937,2939,2940,2943,2944,2946,2947,2949],{},"An attacker who can supply the arguments to this function can exploit it to execute arbitrary code. This can be accomplished by providing an overly large value for ",[108,2925,2926],{},"block_size"," , which causes ",[108,2929,2910],{}," to fail and return a null pointer. The ",[108,2932,2752],{}," argument will then serve as the destination address to the call to ",[108,2935,2917],{}," . The attacker can specify the ",[108,2938,2813],{}," and ",[108,2941,2942],{},"data_size"," arguments to provide the address and length of the address, respectively, that the attacker wishes to write into the memory referenced by ",[108,2945,2752],{}," . The overall result is that the call to ",[108,2948,2917],{}," can be exploited by an attacker to overwrite an arbitrary memory location with an attacker-supplied address, typically resulting in arbitrary code execution.",[165,2951,2953],{"id":2952},"compliant-solutionnull-pointer-arithmetic","Compliant Solution  (Null Pointer Arithmetic)",[39,2955,2956,2957,2959],{},"This compliant solution ensures that the call to ",[108,2958,2910],{}," succeeds:",[200,2961,2962],{"quality":354},[204,2963,2965],{"className":206,"code":2964,"language":208,"meta":209,"style":209},"#include \u003Cstring.h>\n#include \u003Cstdlib.h>\n\nchar *init_block(size_t block_size, size_t offset,\n                 char *data, size_t data_size) {\n  char *buffer = malloc(block_size);\n  if (NULL == buffer) {\n    \u002F* Handle error *\u002F\n  }\n  if (data_size > block_size || block_size - data_size \u003C offset) {\n    \u002F* Data won't fit in buffer, handle error *\u002F\n  }\n  memcpy(buffer + offset, data, data_size);\n  return buffer;\n}\n",[108,2966,2967,2973,2979,2983,3005,3021,3035,3050,3054,3058,3080,3084,3088,3098,3104],{"__ignoreMap":209},[213,2968,2969,2971],{"class":215,"line":216},[213,2970,474],{"class":227},[213,2972,2767],{"class":477},[213,2974,2975,2977],{"class":215,"line":238},[213,2976,474],{"class":227},[213,2978,1260],{"class":477},[213,2980,2981],{"class":215,"line":244},[213,2982,241],{"emptyLinePlaceholder":7},[213,2984,2985,2987,2989,2991,2993,2995,2997,2999,3001,3003],{"class":215,"line":260},[213,2986,2782],{"class":219},[213,2988,271],{"class":227},[213,2990,2787],{"class":274},[213,2992,278],{"class":223},[213,2994,526],{"class":219},[213,2996,2794],{"class":283},[213,2998,1318],{"class":223},[213,3000,526],{"class":219},[213,3002,2801],{"class":283},[213,3004,821],{"class":223},[213,3006,3007,3009,3011,3013,3015,3017,3019],{"class":215,"line":265},[213,3008,2808],{"class":219},[213,3010,271],{"class":227},[213,3012,2813],{"class":283},[213,3014,1318],{"class":223},[213,3016,526],{"class":219},[213,3018,2820],{"class":283},[213,3020,287],{"class":223},[213,3022,3023,3025,3027,3029,3031,3033],{"class":215,"line":290},[213,3024,2196],{"class":219},[213,3026,271],{"class":227},[213,3028,2831],{"class":223},[213,3030,228],{"class":227},[213,3032,2836],{"class":274},[213,3034,2839],{"class":223},[213,3036,3037,3039,3041,3044,3047],{"class":215,"line":305},[213,3038,293],{"class":227},[213,3040,881],{"class":223},[213,3042,3043],{"class":231},"NULL",[213,3045,3046],{"class":227}," ==",[213,3048,3049],{"class":223}," buffer) {\n",[213,3051,3052],{"class":215,"line":320},[213,3053,2428],{"class":648},[213,3055,3056],{"class":215,"line":326},[213,3057,323],{"class":223},[213,3059,3060,3062,3064,3066,3068,3070,3072,3074,3076,3078],{"class":215,"line":338},[213,3061,293],{"class":227},[213,3063,2846],{"class":223},[213,3065,1622],{"class":227},[213,3067,2851],{"class":223},[213,3069,2854],{"class":227},[213,3071,2851],{"class":223},[213,3073,1597],{"class":227},[213,3075,2861],{"class":223},[213,3077,299],{"class":227},[213,3079,2866],{"class":223},[213,3081,3082],{"class":215,"line":557},[213,3083,2871],{"class":648},[213,3085,3086],{"class":215,"line":566},[213,3087,323],{"class":223},[213,3089,3090,3092,3094,3096],{"class":215,"line":778},[213,3091,2880],{"class":274},[213,3093,2883],{"class":223},[213,3095,314],{"class":227},[213,3097,2888],{"class":223},[213,3099,3100,3102],{"class":215,"line":792},[213,3101,329],{"class":227},[213,3103,2895],{"class":223},[213,3105,3106],{"class":215,"line":797},[213,3107,341],{"class":223},[165,3109,3111],{"id":3110},"risk-assessment","Risk Assessment",[39,3113,3114],{},"Writing to out-of-range pointers or array subscripts can result in a buffer overflow and the execution of arbitrary code with the permissions of the vulnerable process. Reading from out-of-range pointers or array subscripts can result in unintended information disclosure.",[43,3116,3117,3118,3117,3145],{},"\n  ",[46,3119,3120,3121,3117],{},"\n    ",[49,3122,3123,3124,3123,3127,3123,3130,3123,3133,3123,3136,3123,3139,3123,3142,3120],{},"\n      ",[52,3125,3126],{},"Rule",[52,3128,3129],{},"Severity",[52,3131,3132],{},"Likelihood",[52,3134,3135],{},"Detectable",[52,3137,3138],{},"Repairable",[52,3140,3141],{},"Priority",[52,3143,3144],{},"Level",[59,3146,3120,3147,3117],{},[49,3148,3123,3149,3123,3152,3123,3155,3123,3158,3123,3161,3123,3163,3123,3170,3120],{},[64,3150,3151],{},"ARR30-C",[64,3153,3154],{},"High",[64,3156,3157],{},"Likely",[64,3159,3160],{},"No",[64,3162,3160],{},[64,3164,3166],{"style":3165},"color: #f1c40f;",[3167,3168,3169],"b",{},"P9",[64,3171,3172],{"style":3165},[3167,3173,3174],{},"L2",[3176,3177,3179],"h3",{"id":3178},"automated-detection","Automated Detection",[43,3181,3184],{"className":3182},[3183],"wrapped",[59,3185,3186,3209,3266,3294,3355,3444,3474,3527,3555,3589,3622,3727,3757,3781,3800,3829,3881,3946,3977,4080],{},[49,3187,3190,3195,3200,3205],{"className":3188},[3189],"header",[52,3191,3192],{},[39,3193,3194],{},"Tool",[52,3196,3197],{},[39,3198,3199],{},"Version",[52,3201,3202],{},[39,3203,3204],{},"Checker",[52,3206,3207],{},[39,3208,69],{},[49,3210,3213,3219,3227,3255],{"className":3211},[3212],"odd",[64,3214,3215],{},[78,3216,3218],{"href":3217},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fastree","Astrée",[64,3220,3221],{},[3222,3223,3226],"div",{"className":3224},[3225],"content-wrapper","25.10",[64,3228,3229],{},[39,3230,3231,3247,3248,3254],{},[3232,3233,3234,3235,3238,3239,3241,3242,3244,3245],"strong",{},"array-index-range",[3236,3237],"br",{},"\narray-index-range-constant",[3236,3240],{},"\nnull-dereferencing",[3236,3243],{},"\npointered-deallocation",[3236,3246],{}," ",[3232,3249,3250,3251,3253],{},"return-reference-local",[3236,3252],{},"\ncsa-stack-address-escape"," (C++)",[64,3256,3257,3260,3263],{},[39,3258,3259],{},"Partially checked",[39,3261,3262],{},"Can detect all accesses to invalid pointers as well as array index out-of-bounds accesses and prove their absence.",[39,3264,3265],{},"This rule is only partially checked as invalid but unused pointers may not be reported.",[49,3267,3270,3276,3284,3291],{"className":3268},[3269],"even",[64,3271,3272],{},[78,3273,3275],{"href":3274},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Faxivion-bauhaus-suite","Axivion Bauhaus Suite",[64,3277,3278],{},[3222,3279,3281],{"className":3280},[3225],[39,3282,3283],{},"7.2.0",[64,3285,3286],{},[3232,3287,3288,3289],{},"CertC-ARR30",[3236,3290],{},[64,3292,3293],{},"Can detect out-of-bound access to array \u002F buffer",[49,3295,3297,3303,3311,3338],{"className":3296},[3212],[64,3298,3299],{},[78,3300,3302],{"href":3301},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcodee","Codee",[64,3304,3305],{},[3222,3306,3308],{"className":3307},[3225],[39,3309,3310],{},"2025.4.9",[64,3312,3313,3318,3323,3328,3333],{},[39,3314,3315],{},[3232,3316,3317],{},"PWR014",[39,3319,3320],{},[3232,3321,3322],{},"PWD004",[39,3324,3325],{},[3232,3326,3327],{},"PWD005",[39,3329,3330],{},[3232,3331,3332],{},"PWD006",[39,3334,3335],{},[3232,3336,3337],{},"PWD008",[64,3339,3340,3343,3346,3349,3352],{},[39,3341,3342],{},"Out-of-dimension-bounds matrix access",[39,3344,3345],{},"Out-of-memory-bounds array access",[39,3347,3348],{},"Array range copied to or from the GPU does not cover the used range",[39,3350,3351],{},"Missing deep copy of non-contiguous data to the GPU",[39,3353,3354],{},"Unprotected multithreading recurrence due to out-of-dimension-bounds array access",[49,3356,3358,3364,3370,3415],{"className":3357},[3269],[64,3359,3360],{},[78,3361,3363],{"href":3362},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcodesonar","CodeSonar",[64,3365,3366],{},[3222,3367,3369],{"className":3368},[3225],"9.1p0",[64,3371,3372],{},[39,3373,3374,3247,3379,3247,3384,3247,3389,3392,3394,3247,3402,3405,3407,3247,3412],{},[3232,3375,3376,3377],{},"LANG.MEM.BO",[3236,3378],{},[3232,3380,3381,3382],{},"LANG.MEM.BU",[3236,3383],{},[3232,3385,3386,3387],{},"LANG.MEM.TBA",[3236,3388],{},[3232,3390,3391],{},"LANG.MEM.TO",[3236,3393],{},[3232,3395,3396,3397,3399,3400],{},"LANG.MEM.TU",[3236,3398],{},"\nLANG.STRUCT.PARITH",[3236,3401],{},[3232,3403,3404],{},"LANG.STRUCT.PBB",[3236,3406],{},[3232,3408,3409,3410],{},"LANG.STRUCT.PPE",[3236,3411],{},[3232,3413,3414],{},"BADFUNC.BO.*",[64,3416,3417],{},[39,3418,3419,3420,3422,3423,3425,3426,3428,3429,3431,3432,3434,3435,3437,3438,3440,3441,3443],{},"Buffer overrun",[3236,3421],{},"\nBuffer underrun",[3236,3424],{},"\nTainted buffer access",[3236,3427],{},"\nType overrun",[3236,3430],{},"\nType underrun",[3236,3433],{},"\nPointer Arithmetic",[3236,3436],{},"\nPointer before beginning of object",[3236,3439],{},"\nPointer past end of object",[3236,3442],{},"\nA collection of warning classes that report uses of library functions prone to internal buffer overflows.",[49,3445,3447,3453,3457,3461],{"className":3446},[3212],[64,3448,3449],{},[78,3450,3452],{"href":3451},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Frose","Compass\u002FROSE",[64,3454,3455],{},[3236,3456],{},[64,3458,3459],{},[3236,3460],{},[64,3462,3463,3466,3471],{},[39,3464,3465],{},"Could be configured to catch violations of this rule. The way to catch the noncompliant code example is to first hunt for example code that follows this pattern:",[204,3467,3468],{},[108,3469,3470],{},"   for (LPWSTR pwszTemp = pwszPath + 2; *pwszTemp != L'\\\\';\n   *pwszTemp++;)",[39,3472,3473],{},"In particular, the iteration variable is a pointer, it gets incremented, and the loop condition does not set an upper bound on the pointer. Once this case is handled, ROSE can handle cases like the real noncompliant code example, which is effectively the same semantics, just different syntax",[49,3475,3477,3485,3491,3513],{"className":3476},[3269],[64,3478,3479],{},[39,3480,3481],{},[78,3482,3484],{"href":3483},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcoverity","Coverity",[64,3486,3487],{},[3222,3488,3490],{"className":3489},[3225],"2017.07",[64,3492,3493,3498,3503,3508],{},[39,3494,3495],{},[3232,3496,3497],{},"OVERRUN",[39,3499,3500],{},[3232,3501,3502],{},"NEGATIVE_RETURNS",[39,3504,3505],{},[3232,3506,3507],{},"ARRAY_VS_SINGLETON",[39,3509,3510],{},[3232,3511,3512],{},"BUFFER_SIZE",[64,3514,3515,3518,3521,3524],{},[39,3516,3517],{},"Can detect the access of memory past the end of a memory buffer\u002Farray",[39,3519,3520],{},"Can detect when the loop bound may become negative",[39,3522,3523],{},"Can detect the out-of-bound read\u002Fwrite to array allocated statically or dynamically",[39,3525,3526],{},"Can detect buffer overflows",[49,3528,3530,3536,3542,3549],{"className":3529},[3212],[64,3531,3532],{},[78,3533,3535],{"href":3534},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcppcheck","Cppcheck",[64,3537,3538],{},[3222,3539,3541],{"className":3540},[3225],"2.15",[64,3543,3544],{},[39,3545,3546],{},[3232,3547,3548],{},"arrayIndexOutOfBounds, outOfBounds, negativeIndex, arrayIndexThenCheck, arrayIndexOutOfBoundsCond,  possibleBufferAccessOutOfBounds",[64,3550,3551],{},[39,3552,3553],{},[3236,3554],{},[49,3556,3558,3564,3572,3583],{"className":3557},[3269],[64,3559,3560],{},[78,3561,3563],{"href":3562},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcppcheck-premium","Cppcheck Premium",[64,3565,3566],{},[3222,3567,3569],{"className":3568},[3225],[39,3570,3571],{},"24.11.0",[64,3573,3574,3578],{},[39,3575,3576],{},[3232,3577,3548],{},[39,3579,3580],{},[3232,3581,3582],{},"premium-cert-arr30-c",[64,3584,3585],{},[39,3586,3587],{},[3236,3588],{},[49,3590,3592,3598,3606,3618],{"className":3591},[3212],[64,3593,3594],{},[78,3595,3597],{"href":3596},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fhelix-qac","Helix QAC",[64,3599,3600],{},[3222,3601,3603],{"className":3602},[3225],[39,3604,3605],{},"2025.2",[64,3607,3608,3613],{},[39,3609,3610],{},[3232,3611,3612],{},"C2840",[39,3614,3615],{},[3232,3616,3617],{},"DF2820, DF2821, DF2822, DF2823, DF2840, DF2841, DF2842, DF2843, DF2930, DF2931, DF2932, DF2933, DF2935, DF2936, DF2937, DF2938, DF2950, DF2951, DF2952, DF2953",[64,3619,3620],{},[3236,3621],{},[49,3623,3625,3631,3636,3723],{"className":3624},[3269],[64,3626,3627],{},[78,3628,3630],{"href":3629},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fklocwork","Klocwork",[64,3632,3633],{},[3222,3634,3605],{"className":3635},[3225],[64,3637,3638],{},[39,3639,3640,3643,3645,3648,3650,3653,3655,3658,3660,3663,3665,3668,3670,3673,3675,3678,3680,3683,3685,3688,3690,3693,3695,3698,3700,3703,3705,3708,3710,3713,3715,3718,3720],{},[3232,3641,3642],{},"ABV.ANY_SIZE_ARRAY",[3236,3644],{},[3232,3646,3647],{},"ABV.GENERAL",[3236,3649],{},[3232,3651,3652],{},"ABV.GENERAL.MULTIDIMENSION",[3236,3654],{},[3232,3656,3657],{},"ABV.NON_ARRAY",[3236,3659],{},[3232,3661,3662],{},"ABV.STACK",[3236,3664],{},[3232,3666,3667],{},"ABV.TAINTED",[3236,3669],{},[3232,3671,3672],{},"ABV.UNICODE.BOUND_MAP",[3236,3674],{},[3232,3676,3677],{},"ABV.UNICODE.FAILED_MAP",[3236,3679],{},[3232,3681,3682],{},"ABV.UNICODE.NNTS_MAP",[3236,3684],{},[3232,3686,3687],{},"ABV.UNICODE.SELF_MAP",[3236,3689],{},[3232,3691,3692],{},"ABV.UNKNOWN_SIZE",[3236,3694],{},[3232,3696,3697],{},"NNTS.MIGHT",[3236,3699],{},[3232,3701,3702],{},"NNTS.MUST",[3236,3704],{},[3232,3706,3707],{},"NNTS.TAINTED",[3236,3709],{},[3232,3711,3712],{},"NPD.FUNC.CALL.MIGHT",[3236,3714],{},[3232,3716,3717],{},"SV.TAINTED.INDEX_ACCESS",[3236,3719],{},[3232,3721,3722],{},"SV.TAINTED.LOOP_BOUND",[64,3724,3725],{},[3236,3726],{},[49,3728,3730,3736,3742,3754],{"className":3729},[3212],[64,3731,3732],{},[78,3733,3735],{"href":3734},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fldra","LDRA tool suite",[64,3737,3738],{},[3222,3739,3741],{"className":3740},[3225],"9.7.1",[64,3743,3744],{},[39,3745,3746,3247,3749],{},[3232,3747,3748],{},"45 D, 47 S, 476 S, 489 S, 64 X, 66 X, 68 X, 69 X, 70 X, 71 X",[3232,3750,3751,3752],{},", 79 X",[3236,3753],{},[64,3755,3756],{},"Partially implemented",[49,3758,3760,3766,3771,3778],{"className":3759},[3269],[64,3761,3762],{},[78,3763,3765],{"href":3764},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fparasoft","Parasoft C\u002FC++test",[64,3767,3768],{},[3222,3769,3605],{"className":3770},[3225],[64,3772,3773],{},[3232,3774,3775,3776],{},"CERT_C-ARR30-a",[3236,3777],{},[64,3779,3780],{},"Avoid accessing arrays out of bounds",[49,3782,3784,3789,3793,3797],{"className":3783},[3212],[64,3785,3786],{},[78,3787,3788],{"href":3764},"Parasoft Insure++",[64,3790,3791],{},[3236,3792],{},[64,3794,3795],{},[3236,3796],{},[64,3798,3799],{},"Runtime analysis",[49,3801,3803,3809,3817,3824],{"className":3802},[3269],[64,3804,3805],{},[78,3806,3808],{"href":3807},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpc-lint-plus","PC-lint Plus",[64,3810,3811],{},[3222,3812,3814],{"className":3813},[3225],[39,3815,3816],{},"1.4",[64,3818,3819],{},[39,3820,3821],{},[3232,3822,3823],{},"413, 415, 416, 613, 661, 662, 676",[64,3825,3826],{},[39,3827,3828],{},"Fully supported",[49,3830,3832,3838,3846,3854],{"className":3831},[3212],[64,3833,3834],{},[78,3835,3837],{"href":3836},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpolyspace-bug-finder","Polyspace Bug Finder",[64,3839,3840],{},[3222,3841,3843],{"className":3842},[3225],[39,3844,3845],{},"R2025b",[64,3847,3848],{},[39,3849,3850],{},[78,3851,3853],{"href":3852},"https:\u002F\u002Fwww.mathworks.com\u002Fhelp\u002Fbugfinder\u002Fref\u002Fcertcrulearr30c.html","CERT C: Rule ARR30-C",[64,3855,3856,3859,3878],{},[39,3857,3858],{},"Checks for:",[3860,3861,3862,3866,3869,3872,3875],"ul",{},[3863,3864,3865],"li",{},"Array access out of bounds",[3863,3867,3868],{},"Pointer access out of bounds",[3863,3870,3871],{},"Array access with tainted index",[3863,3873,3874],{},"Use of tainted pointer",[3863,3876,3877],{},"Pointer dereference with tainted offset",[39,3879,3880],{},"Rule partially covered.",[49,3882,3884,3890,3898,3942],{"className":3883},[3269],[64,3885,3886],{},[78,3887,3889],{"href":3888},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpvs-studio","PVS-Studio",[64,3891,3892],{},[3222,3893,3895],{"className":3894},[3225],[39,3896,3897],{},"7.42",[64,3899,3900,91,3906,91,3912,91,3918,91,3924,91,3930,91,3936],{},[78,3901,3903],{"href":3902},"https:\u002F\u002Fpvs-studio.com\u002Fen\u002Fdocs\u002Fwarnings\u002Fv512\u002F",[3232,3904,3905],{},"V512",[78,3907,3909],{"href":3908},"https:\u002F\u002Fpvs-studio.com\u002Fen\u002Fdocs\u002Fwarnings\u002Fv557\u002F",[3232,3910,3911],{},"V557",[78,3913,3915],{"href":3914},"https:\u002F\u002Fpvs-studio.com\u002Fen\u002Fdocs\u002Fwarnings\u002Fv582\u002F",[3232,3916,3917],{},"V582",[78,3919,3921],{"href":3920},"https:\u002F\u002Fpvs-studio.com\u002Fen\u002Fdocs\u002Fwarnings\u002Fv594\u002F",[3232,3922,3923],{},"V594",[78,3925,3927],{"href":3926},"https:\u002F\u002Fpvs-studio.com\u002Fen\u002Fdocs\u002Fwarnings\u002Fv643\u002F",[3232,3928,3929],{},"V643",[78,3931,3933],{"href":3932},"https:\u002F\u002Fpvs-studio.com\u002Fen\u002Fdocs\u002Fwarnings\u002Fv645\u002F",[3232,3934,3935],{},"V645",[3232,3937,3938],{},[78,3939,3941],{"href":3940},"https:\u002F\u002Fpvs-studio.com\u002Fen\u002Fdocs\u002Fwarnings\u002Fv694\u002F","V694",[64,3943,3944],{},[3236,3945],{},[49,3947,3949,3955,3962,3975],{"className":3948},[3212],[64,3950,3951],{},[78,3952,3954],{"href":3953},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Frulechecker","RuleChecker",[64,3956,3957],{},[3222,3958,3960],{"className":3959},[3225],[39,3961,3226],{},[64,3963,3964],{},[3232,3965,3966,3967,3969,3970,3972,3973],{},"array-index-range-constant",[3236,3968],{},"\nreturn-reference-local",[3236,3971],{},"\ncsa-stack-address-escape (C++)",[3236,3974],{},[64,3976,3259],{},[49,3978,3980,3986,3994,4075],{"className":3979},[3269],[64,3981,3982],{},[78,3983,3985],{"href":3984},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsecurity-reviewer-static-reviewer","Security Reviewer - Static Reviewer",[64,3987,3988],{},[3222,3989,3991],{"className":3990},[3225],[39,3992,3993],{},"6.02",[64,3995,3996],{},[39,3997,3998,3247,4003,3247,4008,3247,4013,3247,4018,3247,4023,3247,4028,3247,4033,3247,4038,3247,4043,3247,4048,3247,4053,3247,4058,3247,4062,3247,4067,3247,4072],{},[3232,3999,4000,4001],{},"arrayIndexOutOfBoundsCond",[3236,4002],{},[3232,4004,4005,4006],{},"assignmentInAssert",[3236,4007],{},[3232,4009,4010,4011],{},"autoVariables",[3236,4012],{},[3232,4014,4015,4016],{},"autovarInvalidDeallocation",[3236,4017],{},[3232,4019,4020,4021],{},"C01",[3236,4022],{},[3232,4024,4025,4026],{},"C02",[3236,4027],{},[3232,4029,4030,4031],{},"C03",[3236,4032],{},[3232,4034,4035,4036],{},"C04",[3236,4037],{},[3232,4039,4040,4041],{},"C05",[3236,4042],{},[3232,4044,4045,4046],{},"C06",[3236,4047],{},[3232,4049,4050,4051],{},"C07",[3236,4052],{},[3232,4054,4055,4056],{},"C08",[3236,4057],{},[3232,4059,4055,4060],{},[3236,4061],{},[3232,4063,4064,4065],{},"C09",[3236,4066],{},[3232,4068,4069,4070],{},"C10",[3236,4071],{},[3232,4073,4074],{},"C49",[64,4076,4077],{},[39,4078,4079],{},"Fully Implemented",[49,4081,4083,4089,4097,4102],{"className":4082},[3212],[64,4084,4085],{},[78,4086,4088],{"href":4087},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Ftrustinsoft-analyzer","TrustInSoft Analyzer",[64,4090,4091],{},[3222,4092,4094],{"className":4093},[3225],[39,4095,4096],{},"1.38",[64,4098,4099],{},[3232,4100,4101],{},"index_in_address",[64,4103,4104],{},[39,4105,4106,4107,140],{},"Exhaustively verified (see ",[78,4108,4110],{"href":4109},"https:\u002F\u002Ftaas.trust-in-soft.com\u002Ftsnippet\u002Ft\u002F3a7bd506","one compliant and one non-compliant example",[3176,4112,4114],{"id":4113},"related-vulnerabilities","Related Vulnerabilities",[39,4116,4117,4122,4123,604],{},[78,4118,4121],{"href":4119,"rel":4120},"http:\u002F\u002Fweb.nvd.nist.gov\u002Fview\u002Fvuln\u002Fdetail?vulnId=CVE-2008-1517",[612],"CVE-2008-1517"," results from a violation of this rule. Before Mac OSX version 10.5.7, the XNU kernel accessed an array at an unverified user-input index, allowing an attacker to execute arbitrary code by passing an index greater than the length of the array and therefore accessing outside memory [ ",[78,4124,4127],{"href":4125,"rel":4126},"http:\u002F\u002Fxorl.wordpress.com\u002F2009\u002F06\u002F09\u002Fcve-2008-1517-apple-mac-os-x-xnu-missing-array-index-validation\u002F",[612],"xorl 2009",[39,4129,4130,4131,4135,4136,955],{},"Search for ",[78,4132,4134],{"href":4133},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fbb-definitions#BB.Definitions-vulnerability","vulnerabilities"," resulting from the violation of this rule on the ",[78,4137,4140],{"href":4138,"rel":4139},"https:\u002F\u002Fwww.kb.cert.org\u002Fvulnotes\u002Fbymetric?searchview&query=FIELD+KEYWORDS+contains+ARR30-C",[612],"CERT website",[165,4142,4144],{"id":4143},"related-guidelines","Related Guidelines",[39,4146,4147,4151],{},[78,4148,4150],{"href":4149},"\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fhow-this-coding-standard-is-organized#HowthisCodingStandardisOrganized-RelatedGuidelines","Key here"," (explains table format and definitions)",[43,4153,4154,4164],{},[46,4155,4156],{},[49,4157,4158,4160,4162],{},[52,4159],{},[52,4161],{},[52,4163],{},[59,4165,4166,4177,4191,4202,4215,4233,4251,4268],{},[49,4167,4168,4171,4174],{},[64,4169,4170],{},"Taxonomy",[64,4172,4173],{},"Taxonomy item",[64,4175,4176],{},"Relationship",[49,4178,4179,4185,4188],{},[64,4180,4181],{},[78,4182,4184],{"href":4183},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-ISO-IECTR24772-2013","ISO\u002FIEC TR 24772:2013",[64,4186,4187],{},"Arithmetic Wrap-Around Error [FIF]",[64,4189,4190],{},"Prior to 2018-01-12: CERT: Unspecified Relationship",[49,4192,4193,4197,4200],{},[64,4194,4195],{},[78,4196,4184],{"href":4183},[64,4198,4199],{},"Unchecked Array Indexing [XYZ]",[64,4201,4190],{},[49,4203,4204,4210,4213],{},[64,4205,4206],{},[78,4207,4209],{"href":4208},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-ISO-IECTS17961","ISO\u002FIEC TS 17961",[64,4211,4212],{},"Forming or using out-of-bounds pointers or array subscripts [invptr]",[64,4214,4190],{},[49,4216,4217,4224,4230],{},[64,4218,4219],{},[78,4220,4223],{"href":4221,"rel":4222},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Findex.html",[612],"CWE 2.11",[64,4225,4226,4229],{},[78,4227,613],{"href":610,"rel":4228},[612]," , Improper Restriction of Operations within the Bounds of a Memory Buffer",[64,4231,4232],{},"2017-05-18: CERT: Rule subset of CWE",[49,4234,4235,4240,4248],{},[64,4236,4237],{},[78,4238,4223],{"href":4221,"rel":4239},[612],[64,4241,4242,4247],{},[78,4243,4246],{"href":4244,"rel":4245},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F123.html",[612],"CWE-123"," , Write-what-where Condition",[64,4249,4250],{},"2017-05-18: CERT: Partial overlap",[49,4252,4253,4258,4266],{},[64,4254,4255],{},[78,4256,4223],{"href":4221,"rel":4257},[612],[64,4259,4260,4265],{},[78,4261,4264],{"href":4262,"rel":4263},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F125.html",[612],"CWE-125"," , Out-of-bounds Read",[64,4267,4250],{},[49,4269,4270,4276,4279],{},[64,4271,4272],{},[78,4273,4275],{"href":4274},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-MISRA12","MISRA C:2012",[64,4277,4278],{},"Rule 18.1 (required)",[64,4280,4190],{},[165,4282,4284],{"id":4283},"cert-cwe-mapping-notes","CERT-CWE Mapping Notes",[39,4286,4287,4290],{},[78,4288,4150],{"href":4289},"\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fhow-this-coding-standard-is-organized#HowthisCodingStandardisOrganized-CERT-CWEMappingNotes"," for mapping notes",[3176,4292,4294],{"id":4293},"cwe-119-and-arr30-c","CWE-119 and ARR30-C",[39,4296,4297],{},"Independent( ARR30-C, ARR38-C, ARR32-C, INT30-C, INT31-C, EXP39-C, EXP33-C, FIO37-C)",[39,4299,4300],{},"STR31-C = Subset( Union( ARR30-C, ARR38-C))",[39,4302,4303],{},"STR32-C = Subset( ARR38-C)",[39,4305,4306],{},"CWE-119 = Union( ARR30-C, ARR38-C)",[39,4308,4309],{},"Intersection( ARR30-C, ARR38-C) = Ø",[3176,4311,4313],{"id":4312},"cwe-394-and-arr30-c","CWE-394 and ARR30-C",[39,4315,4316],{},"Intersection( ARR30-C, CWE-394) = Ø",[39,4318,4319],{},"CWE-394 deals with potentially-invalid function return values. Which may be used as an (invalid) array index, but validating the return value is a separate operation.",[3176,4321,4323],{"id":4322},"cwe-125-and-arr30-c","CWE-125 and ARR30-C",[39,4325,4326],{},"Independent( ARR30-C, ARR38-C, EXP39-C, INT30-C)",[39,4328,4300],{},[39,4330,4303],{},[39,4332,4333],{},"CWE-125 = Subset( CWE-119) = Union( ARR30-C, ARR38-C)",[39,4335,4336],{},"Intersection( ARR30-C, CWE-125) =",[3860,4338,4339],{},[3863,4340,4341],{},"Reading from an out-of-bounds array index, or off the end of an array",[39,4343,4344],{},"ARR30-C – CWE-125 =",[3860,4346,4347],{},[3863,4348,4349],{},"Writing to an out-of-bounds array index, or off the end of an array",[39,4351,4352],{},"CWE-125 – ARR30-C =",[3860,4354,4355],{},[3863,4356,4357],{},"Reading beyond a non-array buffer",[3860,4359,4360],{},[3863,4361,4362],{},"Using a library function to achieve an out-of-bounds read.",[3176,4364,4366],{"id":4365},"cwe-123-and-arr30-c","CWE-123 and ARR30-C",[39,4368,4369],{},"Independent(ARR30-C, ARR38-C)",[39,4371,4300],{},[39,4373,4303],{},[39,4375,4376],{},"Intersection( CWE-123, ARR30-C) =",[3860,4378,4379],{},[3863,4380,4381],{},"Write of arbitrary value to arbitrary (probably invalid) array index",[39,4383,4384],{},"ARR30-C – CWE-123 =",[3860,4386,4387],{},[3863,4388,4389],{},"Read of value from arbitrary (probably invalid) array index",[3860,4391,4392],{},[3863,4393,4394],{},"Construction of invalid index (pointer arithmetic)",[39,4396,4397],{},"CWE-123 – ARR30-C =",[3860,4399,4400],{},[3863,4401,4402],{},"Arbitrary writes that do not involve directly constructing an invalid array index",[3176,4404,4406],{"id":4405},"cwe-129-and-arr30-c","CWE-129 and ARR30-C",[39,4408,4409],{},"Independent( ARR30-C, ARR32-C, INT31-C, INT32-C)",[39,4411,4412],{},"ARR30-C = Union( CWE-129, list), where list =",[3860,4414,4415],{},[3863,4416,4417],{},"Dereferencing an out-of-bounds array index, where index is a trusted value",[3860,4419,4420],{},[3863,4421,4422],{},"Forming an out-of-bounds array index, without dereferencing it, whether or not index is a trusted value. (This excludes the array’s TOOFAR index, which is one past the final element; this behavior is well-defined in C11.)",[3176,4424,4426],{"id":4425},"cwe-120-and-arr30-c","CWE-120 and ARR30-C",[39,4428,4429],{},"See CWE-120 and MEM35-C",[3176,4431,4433],{"id":4432},"cwe-122-and-arr30-c","CWE-122 and ARR30-C",[39,4435,4436],{},"Intersection( ARR30-C, CWE-122) = Ø",[39,4438,4439],{},"CWE-122 specifically addresses buffer overflows on the heap operations, which occur in the context of string-copying. ARR30 specifically addresses improper creation or references of array indices. Which might happen as part of a heap buffer overflow, but is on a lower programming level.",[3176,4441,4443],{"id":4442},"cwe-20-and-arr30-c","CWE-20 and ARR30-C",[39,4445,4446],{},"See CWE-20 and ERR34-C",[3176,4448,4450],{"id":4449},"cwe-687-and-arr30-c","CWE-687 and ARR30-C",[39,4452,4453],{},"Intersection( CWE-687, ARR30-C) = Ø",[39,4455,4456],{},"ARR30-C is about invalid array indices which are created through pointer arithmetic, and dereferenced through an operator (* or []). Neither involve function calls, thus CWE-687 does not apply.",[3176,4458,4460],{"id":4459},"cwe-786-and-arr30-c","CWE-786 and ARR30-C",[39,4462,4463],{},"ARR30-C = Union( CWE-786, list) where list =",[3860,4465,4466],{},[3863,4467,4468],{},"Access of memory location after end of buffer",[3860,4470,4471],{},[3863,4472,4473],{},"Construction of invalid arry reference (pointer). This does not include an out-of-bounds array index (an integer).",[3176,4475,4477],{"id":4476},"cwe-789-and-arr30-c","CWE-789 and ARR30-C",[39,4479,4480],{},"Intersection( CWE-789, ARR30-C) = Ø",[39,4482,4483],{},"CWE-789 is about allocating memory, not array subscripting",[165,4485,4487],{"id":4486},"bibliography","Bibliography",[43,4489,4491,4500],{"className":4490},[3183],[4492,4493,4494,4498],"colgroup",{},[4495,4496],"col",{"style":4497},"width: 50%",[4495,4499],{"style":4497},[59,4501,4502,4517,4530,4541,4553,4565],{},[49,4503,4505,4513],{"className":4504},[3212],[64,4506,4507,4508,4512],{},"[ ",[78,4509,4511],{"href":4510},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-Finlay03","Finlay 2003"," ]",[64,4514,4515],{},[3236,4516],{},[49,4518,4520,4526],{"className":4519},[3269],[64,4521,4507,4522,4512],{},[78,4523,4525],{"href":4524},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-Microsoft03","Microsoft 2003",[64,4527,4528],{},[3236,4529],{},[49,4531,4533,4537],{"className":4532},[3212],[64,4534,4507,4535,4512],{},[78,4536,603],{"href":602},[64,4538,4539],{},[3236,4540],{},[49,4542,4544,4550],{"className":4543},[3269],[64,4545,4507,4546,4512],{},[78,4547,4549],{"href":4548},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-Seacord2013","Seacord 2013b",[64,4551,4552],{},"Chapter 1, \"Running with Scissors\"",[49,4554,4556,4562],{"className":4555},[3212],[64,4557,4507,4558,4512],{},[78,4559,4561],{"href":4560},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-Viega05","Viega 2005",[64,4563,4564],{},"Section 5.2.13, \"Unchecked Array Indexing\"",[49,4566,4568,4573],{"className":4567},[3269],[64,4569,4507,4570,4512],{},[78,4571,4127],{"href":4572},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-xorl2009",[64,4574,4575],{},[78,4576,4577],{"href":4125},"\"CVE-2008-1517: Apple Mac OS X (XNU) Missing Array Index Validation\"",[4579,4580],"hr",{},[39,4582,4583,3247,4590,3247,4595],{},[78,4584,4586],{"href":4585},"\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002F",[4587,4588],"img",{"src":4589},"\u002Fattachments\u002F87152044\u002F88034188.png",[78,4591,4592],{"href":4585},[4587,4593],{"src":4594},"\u002Fattachments\u002F87152044\u002F88034190.png",[78,4596,4598],{"href":4597},"\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr32-c",[4587,4599],{"src":4600},"\u002Fattachments\u002F87152044\u002F88034189.png",[4602,4603,4604],"style",{},"html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .sOrwc, html code.shiki .sOrwc{--shiki-default:#E36209;--shiki-dark:#FFAB70;--shiki-sepia:#F8F8F2}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .sTHNf, html code.shiki .sTHNf{--shiki-default:#E36209;--shiki-default-font-style:inherit;--shiki-dark:#FFAB70;--shiki-dark-font-style:inherit;--shiki-sepia:#FD971F;--shiki-sepia-font-style:italic}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .s-m8C, html code.shiki .s-m8C{--shiki-default:#005CC5;--shiki-default-font-style:inherit;--shiki-dark:#79B8FF;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}",{"title":209,"searchDepth":238,"depth":238,"links":4606},[4607,4608,4609,4610,4611,4612,4613,4614,4615,4616,4617,4618,4619,4620,4624,4625,4638],{"id":167,"depth":238,"text":171},{"id":344,"depth":238,"text":345},{"id":456,"depth":238,"text":345},{"id":571,"depth":238,"text":575},{"id":940,"depth":238,"text":345},{"id":1159,"depth":238,"text":1163},{"id":1483,"depth":238,"text":345},{"id":1786,"depth":238,"text":1790},{"id":1982,"depth":238,"text":345},{"id":2120,"depth":238,"text":2124},{"id":2466,"depth":238,"text":345},{"id":2736,"depth":238,"text":2740},{"id":2952,"depth":238,"text":2953},{"id":3110,"depth":238,"text":3111,"children":4621},[4622,4623],{"id":3178,"depth":244,"text":3179},{"id":4113,"depth":244,"text":4114},{"id":4143,"depth":238,"text":4144},{"id":4283,"depth":238,"text":4284,"children":4626},[4627,4628,4629,4630,4631,4632,4633,4634,4635,4636,4637],{"id":4293,"depth":244,"text":4294},{"id":4312,"depth":244,"text":4313},{"id":4322,"depth":244,"text":4323},{"id":4365,"depth":244,"text":4366},{"id":4405,"depth":244,"text":4406},{"id":4425,"depth":244,"text":4426},{"id":4432,"depth":244,"text":4433},{"id":4442,"depth":244,"text":4443},{"id":4449,"depth":244,"text":4450},{"id":4459,"depth":244,"text":4460},{"id":4476,"depth":244,"text":4477},{"id":4486,"depth":238,"text":4487},"md",{"tags":4641},[4642,4643,4644,4645,4646,4647,4648,4649,4650,4651,4652],"cwe-788","in-cpp","ptc","cwe-122","arr","android-unknown","cwe-805","cwe-121","cwe-119","rule","cwe-129","\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr30-c",{"title":30,"description":41},"4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F2.arr30-c","-zFXuGdBRWUI3CFuCOafhyDqIRyvEOhRv9sHXxWnA4Y",[4658,4662],{"title":4659,"path":4660,"stem":4661,"children":-1},"Arrays (ARR)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F1.index",{"title":4663,"path":4597,"stem":4664,"children":-1},"ARR32-C. Ensure size arguments for variable length arrays are in a valid range","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F3.arr32-c",[4666],{"title":4667,"path":4668,"stem":4669,"children":4670},"SEI CERT C Coding Standard","\u002Fsei-cert-c-coding-standard","4.sei-cert-c-coding-standard\u002F01.index",[4671,4672,4744,5321,5585,5599,5603,5607,5611,6424],{"title":4667,"path":4668,"stem":4669},{"title":4673,"path":4674,"stem":4675,"children":4676},"Front Matter","\u002Fsei-cert-c-coding-standard\u002Ffront-matter","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F1.index",[4677,4678],{"title":4673,"path":4674,"stem":4675},{"title":4679,"path":4680,"stem":4681,"children":4682},"Introduction","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F01.index",[4683,4684,4688,4692,4696,4700,4704,4708,4712,4716,4720,4724,4728,4732,4736,4740],{"title":4679,"path":4680,"stem":4681},{"title":4685,"path":4686,"stem":4687},"Scope","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fscope","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F01.scope",{"title":4689,"path":4690,"stem":4691},"Audience","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Faudience","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F02.audience",{"title":4693,"path":4694,"stem":4695},"How this Coding Standard is Organized","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fhow-this-coding-standard-is-organized","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F03.how-this-coding-standard-is-organized",{"title":4697,"path":4698,"stem":4699},"History","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fhistory","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F04.history",{"title":4701,"path":4702,"stem":4703},"ISO\u002FIEC TS 17961 C Secure Coding Rules","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fisoiec-ts-17961-c-secure-coding-rules","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F05.isoiec-ts-17961-c-secure-coding-rules",{"title":4705,"path":4706,"stem":4707},"Tool Selection and Validation","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Ftool-selection-and-validation","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F06.tool-selection-and-validation",{"title":4709,"path":4710,"stem":4711},"Taint Analysis","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Ftaint-analysis","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F07.taint-analysis",{"title":4713,"path":4714,"stem":4715},"Rules versus Recommendations","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frules-versus-recommendations","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F08.rules-versus-recommendations",{"title":4717,"path":4718,"stem":4719},"Conformance Testing","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fconformance-testing","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F09.conformance-testing",{"title":4721,"path":4722,"stem":4723},"Development Process","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fdevelopment-process","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F10.development-process",{"title":4725,"path":4726,"stem":4727},"Usage","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fusage","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F11.usage",{"title":4729,"path":4730,"stem":4731},"System Qualities","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fsystem-qualities","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F12.system-qualities",{"title":4733,"path":4734,"stem":4735},"Automatically Generated Code","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fautomatically-generated-code","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F13.automatically-generated-code",{"title":4737,"path":4738,"stem":4739},"Government Regulations","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fgovernment-regulations","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F14.government-regulations",{"title":4741,"path":4742,"stem":4743},"Acknowledgments","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Facknowledgments","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F15.acknowledgments",{"title":4745,"path":4746,"stem":4747,"children":4748},"Rules","\u002Fsei-cert-c-coding-standard\u002Frules","4.sei-cert-c-coding-standard\u002F03.rules\u002F01.index",[4749,4750,4754,4775,4805,4867,4905,4931,4951,5017,5043,5101,5133,5163,5173,5211,5281,5299],{"title":4745,"path":4746,"stem":4747},{"title":4751,"path":4752,"stem":4753},"Application Programming Interfaces (API)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","4.sei-cert-c-coding-standard\u002F03.rules\u002F02.application-programming-interfaces-api",{"title":4659,"path":4660,"stem":4661,"children":4755},[4756,4757,4758,4759,4763,4767,4771],{"title":4659,"path":4660,"stem":4661},{"title":30,"path":4653,"stem":4655},{"title":4663,"path":4597,"stem":4664},{"title":4760,"path":4761,"stem":4762},"ARR36-C. Do not subtract or compare two pointers that do not refer to the same array","\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F4.arr36-c",{"title":4764,"path":4765,"stem":4766},"ARR37-C. Do not add or subtract an integer to a pointer to a non-array object","\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F5.arr37-c",{"title":4768,"path":4769,"stem":4770},"ARR38-C. Guarantee that library functions do not form invalid pointers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F6.arr38-c",{"title":4772,"path":4773,"stem":4774},"ARR39-C. Do not add or subtract a scaled integer to a pointer","\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F7.arr39-c",{"title":4776,"path":4777,"stem":4778,"children":4779},"Characters and Strings (STR)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F1.index",[4780,4781,4785,4789,4793,4797,4801],{"title":4776,"path":4777,"stem":4778},{"title":4782,"path":4783,"stem":4784},"STR30-C. Do not attempt to modify string literals","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F2.str30-c",{"title":4786,"path":4787,"stem":4788},"STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F3.str31-c",{"title":4790,"path":4791,"stem":4792},"STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F4.str32-c",{"title":4794,"path":4795,"stem":4796},"STR34-C. Cast characters to unsigned char before converting to larger integer sizes","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F5.str34-c",{"title":4798,"path":4799,"stem":4800},"STR37-C. Arguments to character-handling functions must be representable as an unsigned char","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F6.str37-c",{"title":4802,"path":4803,"stem":4804},"STR38-C. Do not confuse narrow and wide character strings and functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F7.str38-c",{"title":4806,"path":4807,"stem":4808,"children":4809},"Concurrency (CON)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F01.index",[4810,4811,4815,4819,4823,4827,4831,4835,4839,4843,4847,4851,4855,4859,4863],{"title":4806,"path":4807,"stem":4808},{"title":4812,"path":4813,"stem":4814},"CON30-C. Clean up thread-specific storage","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F02.con30-c",{"title":4816,"path":4817,"stem":4818},"CON31-C. Do not destroy a mutex while it is locked","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F03.con31-c",{"title":4820,"path":4821,"stem":4822},"CON32-C. Prevent data races when accessing bit-fields from multiple threads","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F04.con32-c",{"title":4824,"path":4825,"stem":4826},"CON33-C. Avoid race conditions when using library functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F05.con33-c",{"title":4828,"path":4829,"stem":4830},"CON34-C. Declare objects shared between threads with appropriate storage durations","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F06.con34-c",{"title":4832,"path":4833,"stem":4834},"CON35-C. Avoid deadlock by locking in a predefined order","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F07.con35-c",{"title":4836,"path":4837,"stem":4838},"CON36-C. Wrap functions that can spuriously wake up in a loop","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F08.con36-c",{"title":4840,"path":4841,"stem":4842},"CON37-C. Do not call signal() in a multithreaded program","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F09.con37-c",{"title":4844,"path":4845,"stem":4846},"CON38-C. Preserve thread safety and liveness when using condition variables","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F10.con38-c",{"title":4848,"path":4849,"stem":4850},"CON39-C. Do not join or detach a thread that was previously joined or detached","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F11.con39-c",{"title":4852,"path":4853,"stem":4854},"CON40-C. Do not refer to an atomic variable twice in an expression","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon40-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F12.con40-c",{"title":4856,"path":4857,"stem":4858},"CON41-C. Wrap functions that can fail spuriously in a loop","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon41-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F13.con41-c",{"title":4860,"path":4861,"stem":4862},"CON42-C. Don't allow attackers to influence environment variables that control concurrency parameters","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon42-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F14.con42-c",{"title":4864,"path":4865,"stem":4866},"CON43-C. Do not allow data races in multithreaded code","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon43-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F15.con43-c",{"title":4868,"path":4869,"stem":4870,"children":4871},"Declarations and Initialization (DCL)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F1.index",[4872,4873,4877,4881,4885,4889,4893,4897,4901],{"title":4868,"path":4869,"stem":4870},{"title":4874,"path":4875,"stem":4876},"DCL30-C. Declare objects with appropriate storage durations","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F2.dcl30-c",{"title":4878,"path":4879,"stem":4880},"DCL31-C. Declare identifiers before using them","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F3.dcl31-c",{"title":4882,"path":4883,"stem":4884},"DCL36-C. Do not declare an identifier with conflicting linkage classifications","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F4.dcl36-c",{"title":4886,"path":4887,"stem":4888},"DCL37-C. Do not declare or define a reserved identifier","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F5.dcl37-c",{"title":4890,"path":4891,"stem":4892},"DCL38-C. Use the correct syntax when declaring a flexible array member","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F6.dcl38-c",{"title":4894,"path":4895,"stem":4896},"DCL39-C. Avoid information leakage when passing a structure across a trust boundary","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F7.dcl39-c",{"title":4898,"path":4899,"stem":4900},"DCL40-C. Do not create incompatible declarations of the same function or object","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl40-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F8.dcl40-c",{"title":4902,"path":4903,"stem":4904},"DCL41-C. Do not declare variables inside a switch statement before the first case label","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl41-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F9.dcl41-c",{"title":4906,"path":4907,"stem":4908,"children":4909},"Environment (ENV)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F1.index",[4910,4911,4915,4919,4923,4927],{"title":4906,"path":4907,"stem":4908},{"title":4912,"path":4913,"stem":4914},"ENV30-C. Do not modify the object referenced by the return value of certain functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env\u002Fenv30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F2.env30-c",{"title":4916,"path":4917,"stem":4918},"ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env\u002Fenv31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F3.env31-c",{"title":4920,"path":4921,"stem":4922},"ENV32-C. All exit handlers must return normally","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env\u002Fenv32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F4.env32-c",{"title":4924,"path":4925,"stem":4926},"ENV33-C. Do not call system()","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env\u002Fenv33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F5.env33-c",{"title":4928,"path":4929,"stem":4930},"ENV34-C. Do not store pointers returned by certain functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env\u002Fenv34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F6.env34-c",{"title":4932,"path":4933,"stem":4934,"children":4935},"Error Handling (ERR)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ferror-handling-err","4.sei-cert-c-coding-standard\u002F03.rules\u002F08.error-handling-err\u002F1.index",[4936,4937,4941,4945,4947],{"title":4932,"path":4933,"stem":4934},{"title":4938,"path":4939,"stem":4940},"ERR30-C. Take care when reading errno","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ferror-handling-err\u002Ferr30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F08.error-handling-err\u002F2.err30-c",{"title":4942,"path":4943,"stem":4944},"ERR32-C. Do not rely on indeterminate values of errno","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ferror-handling-err\u002Ferr32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F08.error-handling-err\u002F3.err32-c",{"title":2906,"path":2905,"stem":4946},"4.sei-cert-c-coding-standard\u002F03.rules\u002F08.error-handling-err\u002F4.err33-c",{"title":4948,"path":4949,"stem":4950},"ERR34-C. Detect errors when converting a string to a number","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ferror-handling-err\u002Ferr34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F08.error-handling-err\u002F5.err34-c",{"title":4952,"path":4953,"stem":4954,"children":4955},"Expressions (EXP)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F01.index",[4956,4957,4961,4965,4969,4973,4977,4981,4985,4989,4993,4997,5001,5005,5009,5013],{"title":4952,"path":4953,"stem":4954},{"title":4958,"path":4959,"stem":4960},"EXP30-C. Do not depend on the order of evaluation for side effects","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F02.exp30-c",{"title":4962,"path":4963,"stem":4964},"EXP32-C. Do not access a volatile object through a nonvolatile reference","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F03.exp32-c",{"title":4966,"path":4967,"stem":4968},"EXP33-C. Do not read uninitialized memory","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F04.exp33-c",{"title":4970,"path":4971,"stem":4972},"EXP34-C. Do not dereference null pointers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F05.exp34-c",{"title":4974,"path":4975,"stem":4976},"EXP35-C. Do not modify objects with temporary lifetime","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F06.exp35-c",{"title":4978,"path":4979,"stem":4980},"EXP36-C. Do not cast pointers into more strictly aligned pointer types","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F07.exp36-c",{"title":4982,"path":4983,"stem":4984},"EXP37-C. Call functions with the correct number and type of arguments","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F08.exp37-c",{"title":4986,"path":4987,"stem":4988},"EXP39-C. Do not access a variable through a pointer of an incompatible type","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F09.exp39-c",{"title":4990,"path":4991,"stem":4992},"EXP40-C. Do not modify constant objects","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp40-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F10.exp40-c",{"title":4994,"path":4995,"stem":4996},"EXP42-C. Do not compare padding data","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp42-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F11.exp42-c",{"title":4998,"path":4999,"stem":5000},"EXP43-C. Avoid undefined behavior when using restrict-qualified pointers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp43-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F12.exp43-c",{"title":5002,"path":5003,"stem":5004},"EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp44-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F13.exp44-c",{"title":5006,"path":5007,"stem":5008},"EXP45-C. Do not perform assignments in selection statements","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp45-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F14.exp45-c",{"title":5010,"path":5011,"stem":5012},"EXP46-C. Do not use a bitwise operator with a Boolean-like operand","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp46-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F15.exp46-c",{"title":5014,"path":5015,"stem":5016},"EXP47-C. Do not call va_arg with an argument of the incorrect type","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp47-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F16.exp47-c",{"title":5018,"path":5019,"stem":5020,"children":5021},"Floating Point (FLP)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F1.index",[5022,5023,5027,5031,5035,5039],{"title":5018,"path":5019,"stem":5020},{"title":5024,"path":5025,"stem":5026},"FLP30-C. Do not use floating-point variables as loop counters","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp\u002Fflp30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F2.flp30-c",{"title":5028,"path":5029,"stem":5030},"FLP32-C. Prevent or detect domain and range errors in math functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp\u002Fflp32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F3.flp32-c",{"title":5032,"path":5033,"stem":5034},"FLP34-C. Ensure that floating-point conversions are within range of the new type","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp\u002Fflp34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F4.flp34-c",{"title":5036,"path":5037,"stem":5038},"FLP36-C. Preserve precision when converting integral values to floating-point type","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp\u002Fflp36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F5.flp36-c",{"title":5040,"path":5041,"stem":5042},"FLP37-C. Do not use object representations to compare floating-point values","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp\u002Fflp37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F6.flp37-c",{"title":5044,"path":5045,"stem":5046,"children":5047},"Input Output (FIO)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F01.index",[5048,5049,5053,5057,5061,5065,5069,5073,5077,5081,5085,5089,5093,5097],{"title":5044,"path":5045,"stem":5046},{"title":5050,"path":5051,"stem":5052},"FIO30-C. Exclude user input from format strings","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F02.fio30-c",{"title":5054,"path":5055,"stem":5056},"FIO32-C. Do not perform operations on devices that are only appropriate for files","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F03.fio32-c",{"title":5058,"path":5059,"stem":5060},"FIO34-C. Distinguish between characters read from a file and EOF or WEOF","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F04.fio34-c",{"title":5062,"path":5063,"stem":5064},"FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F05.fio37-c",{"title":5066,"path":5067,"stem":5068},"FIO38-C. Do not copy a FILE object","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F06.fio38-c",{"title":5070,"path":5071,"stem":5072},"FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F07.fio39-c",{"title":5074,"path":5075,"stem":5076},"FIO40-C. Reset strings on fgets() or fgetws() failure","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio40-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F08.fio40-c",{"title":5078,"path":5079,"stem":5080},"FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio41-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F09.fio41-c",{"title":5082,"path":5083,"stem":5084},"FIO42-C. Close files when they are no longer needed","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio42-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F10.fio42-c",{"title":5086,"path":5087,"stem":5088},"FIO44-C. Only use values for fsetpos() that are returned from fgetpos()","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio44-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F11.fio44-c",{"title":5090,"path":5091,"stem":5092},"FIO45-C. Avoid TOCTOU race conditions while accessing files","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio45-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F12.fio45-c",{"title":5094,"path":5095,"stem":5096},"FIO46-C. Do not access a closed file","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio46-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F13.fio46-c",{"title":5098,"path":5099,"stem":5100},"FIO47-C. Use valid format strings","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio47-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F14.fio47-c",{"title":5102,"path":5103,"stem":5104,"children":5105},"Integers (INT)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F1.index",[5106,5107,5109,5113,5117,5121,5125,5129],{"title":5102,"path":5103,"stem":5104},{"title":1221,"path":1220,"stem":5108},"4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F2.int30-c",{"title":5110,"path":5111,"stem":5112},"INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F3.int31-c",{"title":5114,"path":5115,"stem":5116},"INT32-C. Ensure that operations on signed integers do not result in overflow","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F4.int32-c",{"title":5118,"path":5119,"stem":5120},"INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F5.int33-c",{"title":5122,"path":5123,"stem":5124},"INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F6.int34-c",{"title":5126,"path":5127,"stem":5128},"INT35-C. Use correct integer precisions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F7.int35-c",{"title":5130,"path":5131,"stem":5132},"INT36-C. Converting a pointer to integer or integer to pointer","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F8.int36-c",{"title":5134,"path":5135,"stem":5136,"children":5137},"Memory Management (MEM)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F1.index",[5138,5139,5143,5147,5151,5155,5159],{"title":5134,"path":5135,"stem":5136},{"title":5140,"path":5141,"stem":5142},"MEM30-C. Do not access freed memory","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F2.mem30-c",{"title":5144,"path":5145,"stem":5146},"MEM31-C. Free dynamically allocated memory when no longer needed","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F3.mem31-c",{"title":5148,"path":5149,"stem":5150},"MEM33-C. Allocate and copy structures containing a flexible array member dynamically","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F4.mem33-c",{"title":5152,"path":5153,"stem":5154},"MEM34-C. Only free memory allocated dynamically","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F5.mem34-c",{"title":5156,"path":5157,"stem":5158},"MEM35-C. Allocate sufficient memory for an object","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F6.mem35-c",{"title":5160,"path":5161,"stem":5162},"MEM36-C. Do not modify the alignment of objects by calling realloc()","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F7.mem36-c",{"title":5164,"path":5165,"stem":5166,"children":5167},"Microsoft Windows (WIN)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmicrosoft-windows-win","4.sei-cert-c-coding-standard\u002F03.rules\u002F14.microsoft-windows-win\u002F1.index",[5168,5169],{"title":5164,"path":5165,"stem":5166},{"title":5170,"path":5171,"stem":5172},"WIN30-C. Properly pair allocation and deallocation functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmicrosoft-windows-win\u002Fwin30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F14.microsoft-windows-win\u002F2.win30-c",{"title":5174,"path":5175,"stem":5176,"children":5177},"Miscellaneous (MSC)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F1.index",[5178,5179,5183,5187,5191,5195,5199,5203,5207],{"title":5174,"path":5175,"stem":5176},{"title":5180,"path":5181,"stem":5182},"MSC30-C. Do not use the rand() function for generating pseudorandom numbers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F2.msc30-c",{"title":5184,"path":5185,"stem":5186},"MSC32-C. Properly seed pseudorandom number generators","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F3.msc32-c",{"title":5188,"path":5189,"stem":5190},"MSC33-C. Do not pass invalid data to the asctime() function","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F4.msc33-c",{"title":5192,"path":5193,"stem":5194},"MSC37-C. Ensure that control never reaches the end of a non-void function","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F5.msc37-c",{"title":5196,"path":5197,"stem":5198},"MSC38-C. Do not treat a predefined identifier as an object if it might only be implemented as a macro","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F6.msc38-c",{"title":5200,"path":5201,"stem":5202},"MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F7.msc39-c",{"title":5204,"path":5205,"stem":5206},"MSC40-C. Do not violate constraints","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc40-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F8.msc40-c",{"title":5208,"path":5209,"stem":5210},"MSC41-C. Never hard code sensitive information","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc41-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F9.msc41-c",{"title":5212,"path":5213,"stem":5214,"children":5215},"POSIX (POS)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F01.index",[5216,5217,5221,5225,5229,5233,5237,5241,5245,5249,5253,5257,5261,5265,5269,5273,5277],{"title":5212,"path":5213,"stem":5214},{"title":5218,"path":5219,"stem":5220},"POS30-C. Use the readlink() function properly","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F02.pos30-c",{"title":5222,"path":5223,"stem":5224},"POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F03.pos34-c",{"title":5226,"path":5227,"stem":5228},"POS35-C. Avoid race conditions while checking for the existence of a symbolic link","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F04.pos35-c",{"title":5230,"path":5231,"stem":5232},"POS36-C. Observe correct revocation order while relinquishing privileges","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F05.pos36-c",{"title":5234,"path":5235,"stem":5236},"POS37-C. Ensure that privilege relinquishment is successful","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F06.pos37-c",{"title":5238,"path":5239,"stem":5240},"POS38-C. Beware of race conditions when using fork and file descriptors","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F07.pos38-c",{"title":5242,"path":5243,"stem":5244},"POS39-C. Use the correct byte ordering when transferring data between systems","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F08.pos39-c",{"title":5246,"path":5247,"stem":5248},"POS44-C. Do not use signals to terminate threads","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos44-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F09.pos44-c",{"title":5250,"path":5251,"stem":5252},"POS47-C. Do not use threads that can be canceled asynchronously","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos47-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F10.pos47-c",{"title":5254,"path":5255,"stem":5256},"POS48-C. Do not unlock or destroy another POSIX thread's mutex","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos48-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F11.pos48-c",{"title":5258,"path":5259,"stem":5260},"POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos49-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F12.pos49-c",{"title":5262,"path":5263,"stem":5264},"POS50-C. Declare objects shared between POSIX threads with appropriate storage durations","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos50-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F13.pos50-c",{"title":5266,"path":5267,"stem":5268},"POS51-C. Avoid deadlock with POSIX threads by locking in predefined order","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos51-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F14.pos51-c",{"title":5270,"path":5271,"stem":5272},"POS52-C. Do not perform operations that can block while holding a POSIX lock","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos52-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F15.pos52-c",{"title":5274,"path":5275,"stem":5276},"POS53-C. Do not use more than one mutex for concurrent waiting operations on a condition variable","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos53-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F16.pos53-c",{"title":5278,"path":5279,"stem":5280},"POS54-C. Detect and handle POSIX library errors","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos54-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F17.pos54-c",{"title":5282,"path":5283,"stem":5284,"children":5285},"Preprocessor (PRE)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fpreprocessor-pre","4.sei-cert-c-coding-standard\u002F03.rules\u002F17.preprocessor-pre\u002F1.index",[5286,5287,5291,5295],{"title":5282,"path":5283,"stem":5284},{"title":5288,"path":5289,"stem":5290},"PRE30-C. Do not create a universal character name through concatenation","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fpreprocessor-pre\u002Fpre30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F17.preprocessor-pre\u002F2.pre30-c",{"title":5292,"path":5293,"stem":5294},"PRE31-C. Avoid side effects in arguments to unsafe macros","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fpreprocessor-pre\u002Fpre31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F17.preprocessor-pre\u002F3.pre31-c",{"title":5296,"path":5297,"stem":5298},"PRE32-C. Do not use preprocessor directives in invocations of function-like macros","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fpreprocessor-pre\u002Fpre32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F17.preprocessor-pre\u002F4.pre32-c",{"title":5300,"path":5301,"stem":5302,"children":5303},"Signals (SIG)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fsignals-sig","4.sei-cert-c-coding-standard\u002F03.rules\u002F18.signals-sig\u002F1.index",[5304,5305,5309,5313,5317],{"title":5300,"path":5301,"stem":5302},{"title":5306,"path":5307,"stem":5308},"SIG30-C. Call only asynchronous-safe functions within signal handlers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fsignals-sig\u002Fsig30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F18.signals-sig\u002F2.sig30-c",{"title":5310,"path":5311,"stem":5312},"SIG31-C. Do not access shared objects in signal handlers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fsignals-sig\u002Fsig31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F18.signals-sig\u002F3.sig31-c",{"title":5314,"path":5315,"stem":5316},"SIG34-C. Do not call signal() from within interruptible signal handlers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fsignals-sig\u002Fsig34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F18.signals-sig\u002F4.sig34-c",{"title":5318,"path":5319,"stem":5320},"SIG35-C. Do not return from a computational exception signal handler","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fsignals-sig\u002Fsig35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F18.signals-sig\u002F5.sig35-c",{"title":5322,"path":5323,"stem":5324,"children":5325},"Back Matter","\u002Fsei-cert-c-coding-standard\u002Fback-matter","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F1.index",[5326,5327,5331,5335,5339,5343,5524,5581],{"title":5322,"path":5323,"stem":5324},{"title":5328,"path":5329,"stem":5330},"AA. Bibliography","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F2.aa-bibliography",{"title":5332,"path":5333,"stem":5334},"BB. Definitions","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fbb-definitions","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F3.bb-definitions",{"title":5336,"path":5337,"stem":5338},"CC. Undefined Behavior","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fcc-undefined-behavior","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F4.cc-undefined-behavior",{"title":5340,"path":5341,"stem":5342},"DD. Unspecified Behavior","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fdd-unspecified-behavior","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F5.dd-unspecified-behavior",{"title":5344,"path":5345,"stem":5346,"children":5347},"EE. Analyzers","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F01.index",[5348,5349,5351,5355,5357,5361,5365,5369,5373,5377,5381,5383,5387,5389,5393,5395,5399,5401,5403,5407,5411,5415,5419,5423,5427,5431,5435,5437,5441,5443,5447,5450,5454,5457,5461,5463,5467,5469,5473,5475,5479,5482,5486,5490,5492,5496,5498,5502,5506,5510,5514,5518,5520],{"title":5344,"path":5345,"stem":5346},{"title":3218,"path":3217,"stem":5350},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F02.astree",{"title":5352,"path":5353,"stem":5354},"Astrée_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fastree_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F03.astree_v",{"title":3275,"path":3274,"stem":5356},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F04.axivion-bauhaus-suite",{"title":5358,"path":5359,"stem":5360},"Axivion Bauhaus Suite_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Faxivion-bauhaus-suite_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F05.axivion-bauhaus-suite_v",{"title":5362,"path":5363,"stem":5364},"Clang","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fclang","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F06.clang",{"title":5366,"path":5367,"stem":5368},"Clang_38_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fclang_38_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F07.clang_38_v",{"title":5370,"path":5371,"stem":5372},"Clang_39_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fclang_39_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F08.clang_39_v",{"title":5374,"path":5375,"stem":5376},"Clang_40_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fclang_40_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F09.clang_40_v",{"title":5378,"path":5379,"stem":5380},"Clang_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fclang_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F10.clang_v",{"title":3302,"path":3301,"stem":5382},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F11.codee",{"title":5384,"path":5385,"stem":5386},"Codee_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcodee_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F12.codee_v",{"title":3363,"path":3362,"stem":5388},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F13.codesonar",{"title":5390,"path":5391,"stem":5392},"CodeSonar_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcodesonar_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F14.codesonar_v",{"title":3484,"path":3483,"stem":5394},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F15.coverity",{"title":5396,"path":5397,"stem":5398},"Coverity_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcoverity_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F16.coverity_v",{"title":3535,"path":3534,"stem":5400},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F17.cppcheck",{"title":3563,"path":3562,"stem":5402},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F18.cppcheck-premium",{"title":5404,"path":5405,"stem":5406},"Cppcheck Premium_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcppcheck-premium_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F19.cppcheck-premium_v",{"title":5408,"path":5409,"stem":5410},"Cppcheck_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcppcheck_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F20.cppcheck_v",{"title":5412,"path":5413,"stem":5414},"ECLAIR","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Feclair","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F21.eclair",{"title":5416,"path":5417,"stem":5418},"ECLAIR_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Feclair_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F22.eclair_v",{"title":5420,"path":5421,"stem":5422},"EDG","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fedg","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F23.edg",{"title":5424,"path":5425,"stem":5426},"EDG_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fedg_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F24.edg_v",{"title":5428,"path":5429,"stem":5430},"GCC","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fgcc","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F25.gcc",{"title":5432,"path":5433,"stem":5434},"GCC_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fgcc_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F26.gcc_v",{"title":3597,"path":3596,"stem":5436},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F27.helix-qac",{"title":5438,"path":5439,"stem":5440},"Helix QAC_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fhelix-qac_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F28.helix-qac_v",{"title":3630,"path":3629,"stem":5442},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F29.klocwork",{"title":5444,"path":5445,"stem":5446},"Klocwork_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fklocwork_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F30.klocwork_v",{"title":5448,"path":3734,"stem":5449},"LDRA","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F31.ldra",{"title":5451,"path":5452,"stem":5453},"LDRA_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fldra_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F32.ldra_v",{"title":5455,"path":3764,"stem":5456},"Parasoft","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F33.parasoft",{"title":5458,"path":5459,"stem":5460},"Parasoft_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fparasoft_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F34.parasoft_v",{"title":3808,"path":3807,"stem":5462},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F35.pc-lint-plus",{"title":5464,"path":5465,"stem":5466},"PC-lint Plus_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpc-lint-plus_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F36.pc-lint-plus_v",{"title":3837,"path":3836,"stem":5468},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F37.polyspace-bug-finder",{"title":5470,"path":5471,"stem":5472},"Polyspace Bug Finder_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpolyspace-bug-finder_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F38.polyspace-bug-finder_v",{"title":3889,"path":3888,"stem":5474},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F39.pvs-studio",{"title":5476,"path":5477,"stem":5478},"PVS-Studio_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpvs-studio_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F40.pvs-studio_v",{"title":5480,"path":3451,"stem":5481},"Rose","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F41.rose",{"title":5483,"path":5484,"stem":5485},"Rose_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Frose_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F42.rose_v",{"title":5487,"path":5488,"stem":5489},"Rosecheckers Code","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Frosecheckers-code","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F43.rosecheckers-code",{"title":3954,"path":3953,"stem":5491},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F44.rulechecker",{"title":5493,"path":5494,"stem":5495},"RuleChecker_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Frulechecker_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F45.rulechecker_v",{"title":3985,"path":3984,"stem":5497},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F46.security-reviewer-static-reviewer",{"title":5499,"path":5500,"stem":5501},"Security Reviewer - Static Reviewer_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsecurity-reviewer-static-reviewer_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F47.security-reviewer-static-reviewer_v",{"title":5503,"path":5504,"stem":5505},"SonarQube C\u002FC++ Plugin","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsonarqube-ccpp-plugin","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F48.sonarqube-ccpp-plugin",{"title":5507,"path":5508,"stem":5509},"SonarQube C\u002FC++ Plugin_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsonarqube-ccpp-plugin_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F49.sonarqube-ccpp-plugin_v",{"title":5511,"path":5512,"stem":5513},"Splint","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsplint","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F50.splint",{"title":5515,"path":5516,"stem":5517},"Splint_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsplint_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F51.splint_v",{"title":4088,"path":4087,"stem":5519},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F52.trustinsoft-analyzer",{"title":5521,"path":5522,"stem":5523},"TrustInSoft Analyzer_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Ftrustinsoft-analyzer_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F53.trustinsoft-analyzer_v",{"title":5525,"path":5526,"stem":5527,"children":5528},"FF. Related Guidelines","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F01.index",[5529,5530,5534,5538,5542,5546,5550,5554,5558,5562,5565,5569,5573,5577],{"title":5525,"path":5526,"stem":5527},{"title":5531,"path":5532,"stem":5533},"2003","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F02.2003","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F02.2003",{"title":5535,"path":5536,"stem":5537},"2006","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F03.2006","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F03.2006",{"title":5539,"path":5540,"stem":5541},"2007","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F04.2007","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F04.2007",{"title":5543,"path":5544,"stem":5545},"2008","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F05.2008","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F05.2008",{"title":5547,"path":5548,"stem":5549},"2010","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F06.2010","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F06.2010",{"title":5551,"path":5552,"stem":5553},"2011","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F07.2011","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F07.2011",{"title":5555,"path":5556,"stem":5557},"2012","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F08.2012","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F08.2012",{"title":5559,"path":5560,"stem":5561},"2013","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F09.2013","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F09.2013",{"title":5559,"path":5563,"stem":5564},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F10.2013","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F10.2013",{"title":5566,"path":5567,"stem":5568},"MITRE CWE","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002Fmitre-cwe","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F11.mitre-cwe",{"title":5570,"path":5571,"stem":5572},"MITRE CWE 2.11","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002Fmitre-cwe-211","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F12.mitre-cwe-211",{"title":5574,"path":5575,"stem":5576},"MITRE CWE 3.1","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002Fmitre-cwe-31","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F13.mitre-cwe-31",{"title":5578,"path":5579,"stem":5580},"MITRE CWE 3.11","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002Fmitre-cwe-311","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F14.mitre-cwe-311",{"title":5582,"path":5583,"stem":5584},"GG. Risk Assessments","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fgg-risk-assessments","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F8.gg-risk-assessments",{"title":5586,"path":5587,"stem":5588,"children":5589},"Admin","\u002Fsei-cert-c-coding-standard\u002Fadmin","4.sei-cert-c-coding-standard\u002F05.admin\u002F1.index",[5590,5591,5595],{"title":5586,"path":5587,"stem":5588},{"title":5592,"path":5593,"stem":5594},"TODO List","\u002Fsei-cert-c-coding-standard\u002Fadmin\u002Ftodo-list","4.sei-cert-c-coding-standard\u002F05.admin\u002F2.todo-list",{"title":5596,"path":5597,"stem":5598},"Undefined and implementation-defined behaviors not deemed ruleworthy","\u002Fsei-cert-c-coding-standard\u002Fadmin\u002Fundefined-and-implementation-defined-behaviors-not-deemed-ruleworthy","4.sei-cert-c-coding-standard\u002F05.admin\u002F3.undefined-and-implementation-defined-behaviors-not-deemed-ruleworthy",{"title":5600,"path":5601,"stem":5602},"Coding Style Guidelines","\u002Fsei-cert-c-coding-standard\u002Fcoding-style-guidelines","4.sei-cert-c-coding-standard\u002F05.coding-style-guidelines",{"title":5604,"path":5605,"stem":5606},"Errata for SEI CERT C Coding Standard (2016 Edition)","\u002Fsei-cert-c-coding-standard\u002Ferrata-for-sei-cert-c-coding-standard-2016-edition","4.sei-cert-c-coding-standard\u002F06.errata-for-sei-cert-c-coding-standard-2016-edition",{"title":5608,"path":5609,"stem":5610},"Wiki Contents","\u002Fsei-cert-c-coding-standard\u002Fwiki-contents","4.sei-cert-c-coding-standard\u002F06.wiki-contents",{"title":5612,"path":5613,"stem":5614,"children":5615},"Recommendations","\u002Fsei-cert-c-coding-standard\u002Frecommendations","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F01.index",[5616,5617,5658,5675,5720,5761,5858,5875,5908,5977,6014,6099,6164,6213,6238,6329,6350,6407],{"title":5612,"path":5613,"stem":5614},{"title":4751,"path":5618,"stem":5619,"children":5620},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F01.index",[5621,5622,5626,5630,5634,5638,5642,5646,5650,5654],{"title":4751,"path":5618,"stem":5619},{"title":5623,"path":5624,"stem":5625},"API00-C. Functions should validate their parameters","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F02.api00-c",{"title":5627,"path":5628,"stem":5629},"API01-C. Avoid laying out strings in memory directly before sensitive data","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F03.api01-c",{"title":5631,"path":5632,"stem":5633},"API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F04.api02-c",{"title":5635,"path":5636,"stem":5637},"API03-C. Create consistent interfaces and capabilities across related functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F05.api03-c",{"title":5639,"path":5640,"stem":5641},"API04-C. Provide a consistent and usable error-checking mechanism","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F06.api04-c",{"title":5643,"path":5644,"stem":5645},"API05-C. Use conformant array parameters","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F07.api05-c",{"title":5647,"path":5648,"stem":5649},"API07-C. Enforce type safety","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F08.api07-c",{"title":5651,"path":5652,"stem":5653},"API09-C. Compatible values should have the same type","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F09.api09-c",{"title":5655,"path":5656,"stem":5657},"API10-C. APIs should have security options enabled by default","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F10.api10-c",{"title":4659,"path":5659,"stem":5660,"children":5661},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Farrays-arr","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F03.arrays-arr\u002F1.index",[5662,5663,5667,5671],{"title":4659,"path":5659,"stem":5660},{"title":5664,"path":5665,"stem":5666},"ARR00-C. Understand how arrays work","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Farrays-arr\u002Farr00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F03.arrays-arr\u002F2.arr00-c",{"title":5668,"path":5669,"stem":5670},"ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Farrays-arr\u002Farr01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F03.arrays-arr\u002F3.arr01-c",{"title":5672,"path":5673,"stem":5674},"ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Farrays-arr\u002Farr02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F03.arrays-arr\u002F4.arr02-c",{"title":4776,"path":5676,"stem":5677,"children":5678},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F01.index",[5679,5680,5684,5688,5692,5696,5700,5704,5708,5712,5716],{"title":4776,"path":5676,"stem":5677},{"title":5681,"path":5682,"stem":5683},"STR00-C. Represent characters using an appropriate type","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F02.str00-c",{"title":5685,"path":5686,"stem":5687},"STR01-C. Adopt and implement a consistent plan for managing strings","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F03.str01-c",{"title":5689,"path":5690,"stem":5691},"STR02-C. Sanitize data passed to complex subsystems","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F04.str02-c",{"title":5693,"path":5694,"stem":5695},"STR03-C. Do not inadvertently truncate a string","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F05.str03-c",{"title":5697,"path":5698,"stem":5699},"STR04-C. Use plain char for characters in the basic character set","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F06.str04-c",{"title":5701,"path":5702,"stem":5703},"STR05-C. Use pointers to const when referring to string literals","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F07.str05-c",{"title":5705,"path":5706,"stem":5707},"STR06-C. Do not assume that strtok() leaves the parse string unchanged","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F08.str06-c",{"title":5709,"path":5710,"stem":5711},"STR09-C. Don't assume numeric values for expressions with type plain character","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F09.str09-c",{"title":5713,"path":5714,"stem":5715},"STR10-C. Do not concatenate different type of string literals","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F10.str10-c",{"title":5717,"path":5718,"stem":5719},"STR11-C. Do not specify the bound of a character array initialized with a string literal","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F11.str11-c",{"title":4806,"path":5721,"stem":5722,"children":5723},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F01.index",[5724,5725,5729,5733,5737,5741,5745,5749,5753,5757],{"title":4806,"path":5721,"stem":5722},{"title":5726,"path":5727,"stem":5728},"CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F02.con01-c",{"title":5730,"path":5731,"stem":5732},"CON02-C. Do not use volatile as a synchronization primitive","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F03.con02-c",{"title":5734,"path":5735,"stem":5736},"CON03-C. Ensure visibility when accessing shared variables","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F04.con03-c",{"title":5738,"path":5739,"stem":5740},"CON04-C. Join or detach threads even if their exit status is unimportant","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F05.con04-c",{"title":5742,"path":5743,"stem":5744},"CON05-C. Do not perform operations that can block while holding a lock","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F06.con05-c",{"title":5746,"path":5747,"stem":5748},"CON06-C. Ensure that every mutex outlives the data it protects","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F07.con06-c",{"title":5750,"path":5751,"stem":5752},"CON07-C. Ensure that compound operations on shared variables are atomic","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F08.con07-c",{"title":5754,"path":5755,"stem":5756},"CON08-C. Do not assume that a group of calls to independently atomic methods is atomic","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F09.con08-c",{"title":5758,"path":5759,"stem":5760},"CON09-C. Avoid the ABA problem when using lock-free algorithms","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F10.con09-c",{"title":4868,"path":5762,"stem":5763,"children":5764},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F01.index",[5765,5766,5770,5774,5778,5782,5786,5790,5794,5798,5802,5806,5810,5814,5818,5822,5826,5830,5834,5838,5842,5846,5850,5854],{"title":4868,"path":5762,"stem":5763},{"title":5767,"path":5768,"stem":5769},"DCL00-C. Const-qualify immutable objects","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F02.dcl00-c",{"title":5771,"path":5772,"stem":5773},"DCL01-C. Do not reuse variable names in subscopes","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F03.dcl01-c",{"title":5775,"path":5776,"stem":5777},"DCL02-C. Use visually distinct identifiers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F04.dcl02-c",{"title":5779,"path":5780,"stem":5781},"DCL03-C. Use a static assertion to test the value of a constant expression","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F05.dcl03-c",{"title":5783,"path":5784,"stem":5785},"DCL04-C. Do not declare more than one variable per declaration","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F06.dcl04-c",{"title":5787,"path":5788,"stem":5789},"DCL05-C. Use typedefs of non-pointer types only","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F07.dcl05-c",{"title":5791,"path":5792,"stem":5793},"DCL06-C. Use meaningful symbolic constants to represent literal values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F08.dcl06-c",{"title":5795,"path":5796,"stem":5797},"DCL07-C. Include the appropriate type information in function declarators","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F09.dcl07-c",{"title":5799,"path":5800,"stem":5801},"DCL08-C. Properly encode relationships in constant definitions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F10.dcl08-c",{"title":5803,"path":5804,"stem":5805},"DCL09-C. Declare functions that return errno with a return type of errno_t","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F11.dcl09-c",{"title":5807,"path":5808,"stem":5809},"DCL10-C. Maintain the contract between the writer and caller of variadic functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F12.dcl10-c",{"title":5811,"path":5812,"stem":5813},"DCL11-C. Understand the type issues associated with variadic functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F13.dcl11-c",{"title":5815,"path":5816,"stem":5817},"DCL12-C. Implement abstract data types using opaque types","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F14.dcl12-c",{"title":5819,"path":5820,"stem":5821},"DCL13-C. Declare function parameters that are pointers to values not changed by the function as const","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F15.dcl13-c",{"title":5823,"path":5824,"stem":5825},"DCL15-C. Declare file-scope objects or functions that do not need external linkage as static","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl15-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F16.dcl15-c",{"title":5827,"path":5828,"stem":5829},"DCL16-C. Use \"L,\" not \"l,\" to indicate a long value","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl16-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F17.dcl16-c",{"title":5831,"path":5832,"stem":5833},"DCL17-C. Beware of miscompiled volatile-qualified variables","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl17-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F18.dcl17-c",{"title":5835,"path":5836,"stem":5837},"DCL18-C. Do not begin integer constants with 0 when specifying a decimal value","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl18-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F19.dcl18-c",{"title":5839,"path":5840,"stem":5841},"DCL19-C. Minimize the scope of variables and functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl19-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F20.dcl19-c",{"title":5843,"path":5844,"stem":5845},"DCL20-C. Explicitly specify void when a function accepts no arguments","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl20-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F21.dcl20-c",{"title":5847,"path":5848,"stem":5849},"DCL21-C. Understand the storage of compound literals","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl21-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F22.dcl21-c",{"title":5851,"path":5852,"stem":5853},"DCL22-C. Use volatile for data that cannot be cached","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl22-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F23.dcl22-c",{"title":5855,"path":5856,"stem":5857},"DCL23-C. Guarantee that mutually visible identifiers are unique","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl23-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F24.dcl23-c",{"title":4906,"path":5859,"stem":5860,"children":5861},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fenvironment-env","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F07.environment-env\u002F1.index",[5862,5863,5867,5871],{"title":4906,"path":5859,"stem":5860},{"title":5864,"path":5865,"stem":5866},"ENV01-C. Do not make assumptions about the size of an environment variable","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fenvironment-env\u002Fenv01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F07.environment-env\u002F2.env01-c",{"title":5868,"path":5869,"stem":5870},"ENV02-C. Beware of multiple environment variables with the same effective name","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fenvironment-env\u002Fenv02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F07.environment-env\u002F3.env02-c",{"title":5872,"path":5873,"stem":5874},"ENV03-C. Sanitize the environment when invoking external programs","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fenvironment-env\u002Fenv03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F07.environment-env\u002F4.env03-c",{"title":4932,"path":5876,"stem":5877,"children":5878},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F1.index",[5879,5880,5884,5888,5892,5896,5900,5904],{"title":4932,"path":5876,"stem":5877},{"title":5881,"path":5882,"stem":5883},"ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F2.err00-c",{"title":5885,"path":5886,"stem":5887},"ERR01-C. Use ferror() rather than errno to check for FILE stream errors","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F3.err01-c",{"title":5889,"path":5890,"stem":5891},"ERR02-C. Avoid in-band error indicators","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F4.err02-c",{"title":5893,"path":5894,"stem":5895},"ERR04-C. Choose an appropriate termination strategy","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F5.err04-c",{"title":5897,"path":5898,"stem":5899},"ERR05-C. Application-independent code should provide error detection without dictating error handling","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F6.err05-c",{"title":5901,"path":5902,"stem":5903},"ERR06-C. Understand the termination behavior of assert() and abort()","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F7.err06-c",{"title":5905,"path":5906,"stem":5907},"ERR07-C. Prefer functions that support error checking over equivalent functions that don't","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F8.err07-c",{"title":4952,"path":5909,"stem":5910,"children":5911},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F01.index",[5912,5913,5917,5921,5925,5929,5933,5937,5941,5945,5949,5953,5957,5961,5965,5969,5973],{"title":4952,"path":5909,"stem":5910},{"title":5914,"path":5915,"stem":5916},"EXP00-C. Use parentheses for precedence of operation","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F02.exp00-c",{"title":5918,"path":5919,"stem":5920},"EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F03.exp02-c",{"title":5922,"path":5923,"stem":5924},"EXP03-C. Do not assume the size of a structure is the sum of the sizes of its members","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F04.exp03-c",{"title":5926,"path":5927,"stem":5928},"EXP05-C. Do not cast away a const qualification","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F05.exp05-c",{"title":5930,"path":5931,"stem":5932},"EXP07-C. Do not diminish the benefits of constants by assuming their values in expressions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F06.exp07-c",{"title":5934,"path":5935,"stem":5936},"EXP08-C. Ensure pointer arithmetic is used correctly","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F07.exp08-c",{"title":5938,"path":5939,"stem":5940},"EXP09-C. Use sizeof to determine the size of a type or variable","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F08.exp09-c",{"title":5942,"path":5943,"stem":5944},"EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F09.exp10-c",{"title":5946,"path":5947,"stem":5948},"EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F10.exp11-c",{"title":5950,"path":5951,"stem":5952},"EXP12-C. Do not ignore values returned by functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F11.exp12-c",{"title":5954,"path":5955,"stem":5956},"EXP13-C. Treat relational and equality operators as if they were nonassociative","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F12.exp13-c",{"title":5958,"path":5959,"stem":5960},"EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp14-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F13.exp14-c",{"title":5962,"path":5963,"stem":5964},"EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp15-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F14.exp15-c",{"title":5966,"path":5967,"stem":5968},"EXP16-C. Do not compare function pointers to constant values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp16-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F15.exp16-c",{"title":5970,"path":5971,"stem":5972},"EXP19-C. Use braces for the body of an if, for, or while statement","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp19-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F16.exp19-c",{"title":5974,"path":5975,"stem":5976},"EXP20-C. Perform explicit tests to determine success, true and false, and equality","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp20-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F17.exp20-c",{"title":5018,"path":5978,"stem":5979,"children":5980},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F1.index",[5981,5982,5986,5990,5994,5998,6002,6006,6010],{"title":5018,"path":5978,"stem":5979},{"title":5983,"path":5984,"stem":5985},"FLP00-C. Understand the limitations of floating-point numbers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F2.flp00-c",{"title":5987,"path":5988,"stem":5989},"FLP01-C. Take care in rearranging floating-point expressions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F3.flp01-c",{"title":5991,"path":5992,"stem":5993},"FLP02-C. Avoid using floating-point numbers when precise computation is needed","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F4.flp02-c",{"title":5995,"path":5996,"stem":5997},"FLP03-C. Detect and handle floating-point errors","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F5.flp03-c",{"title":5999,"path":6000,"stem":6001},"FLP04-C. Check floating-point inputs for exceptional values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F6.flp04-c",{"title":6003,"path":6004,"stem":6005},"FLP05-C. Do not use denormalized numbers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F7.flp05-c",{"title":6007,"path":6008,"stem":6009},"FLP06-C. Convert integers to floating point for floating-point operations","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F8.flp06-c",{"title":6011,"path":6012,"stem":6013},"FLP07-C. Cast the return value of a function that returns a floating-point type","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F9.flp07-c",{"title":5044,"path":6015,"stem":6016,"children":6017},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F01.index",[6018,6019,6023,6027,6031,6035,6039,6043,6047,6051,6055,6059,6063,6067,6071,6075,6079,6083,6087,6091,6095],{"title":5044,"path":6015,"stem":6016},{"title":6020,"path":6021,"stem":6022},"FIO01-C. Be careful using functions that use file names for identification","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F02.fio01-c",{"title":6024,"path":6025,"stem":6026},"FIO02-C. Canonicalize path names originating from tainted sources","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F03.fio02-c",{"title":6028,"path":6029,"stem":6030},"FIO03-C. Do not make assumptions about fopen() and file creation","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F04.fio03-c",{"title":6032,"path":6033,"stem":6034},"FIO05-C. Identify files using multiple file attributes","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F05.fio05-c",{"title":6036,"path":6037,"stem":6038},"FIO06-C. Create files with appropriate access permissions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F06.fio06-c",{"title":6040,"path":6041,"stem":6042},"FIO08-C. Take care when calling remove() on an open file","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F07.fio08-c",{"title":6044,"path":6045,"stem":6046},"FIO09-C. Be careful with binary data when transferring data across systems","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F08.fio09-c",{"title":6048,"path":6049,"stem":6050},"FIO10-C. Take care when using the rename() function","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F09.fio10-c",{"title":6052,"path":6053,"stem":6054},"FIO11-C. Take care when specifying the mode parameter of fopen()","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F10.fio11-c",{"title":6056,"path":6057,"stem":6058},"FIO13-C. Never push back anything other than one read character","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F11.fio13-c",{"title":6060,"path":6061,"stem":6062},"FIO14-C. Understand the difference between text mode and binary mode with file streams","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio14-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F12.fio14-c",{"title":6064,"path":6065,"stem":6066},"FIO15-C. Ensure that file operations are performed in a secure directory","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio15-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F13.fio15-c",{"title":6068,"path":6069,"stem":6070},"FIO17-C. Do not rely on an ending null character when using fread()","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio17-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F14.fio17-c",{"title":6072,"path":6073,"stem":6074},"FIO18-C. Never expect fwrite() to terminate the writing process at a null character","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio18-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F15.fio18-c",{"title":6076,"path":6077,"stem":6078},"FIO19-C. Do not use fseek() and ftell() to compute the size of a regular file","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio19-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F16.fio19-c",{"title":6080,"path":6081,"stem":6082},"FIO20-C. Avoid unintentional truncation when using fgets() or fgetws()","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio20-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F17.fio20-c",{"title":6084,"path":6085,"stem":6086},"FIO21-C. Do not create temporary files in shared directories","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio21-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F18.fio21-c",{"title":6088,"path":6089,"stem":6090},"FIO22-C. Close files before spawning processes","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio22-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F19.fio22-c",{"title":6092,"path":6093,"stem":6094},"FIO23-C. Do not exit with unflushed data in stdout or stderr","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio23-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F20.fio23-c",{"title":6096,"path":6097,"stem":6098},"FIO24-C. Do not open a file that is already open","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio24-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F21.fio24-c",{"title":5102,"path":6100,"stem":6101,"children":6102},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F01.index",[6103,6104,6108,6112,6116,6120,6124,6128,6132,6136,6140,6144,6148,6152,6156,6160],{"title":5102,"path":6100,"stem":6101},{"title":6105,"path":6106,"stem":6107},"INT00-C. Understand the data model used by your implementation(s)","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F02.int00-c",{"title":6109,"path":6110,"stem":6111},"INT01-C. Use size_t or rsize_t for all integer values representing the size of an object","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F03.int01-c",{"title":6113,"path":6114,"stem":6115},"INT04-C. Enforce limits on integer values originating from tainted sources","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F05.int04-c",{"title":6117,"path":6118,"stem":6119},"INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F06.int05-c",{"title":6121,"path":6122,"stem":6123},"INT07-C. Use only explicitly signed or unsigned char type for numeric values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F07.int07-c",{"title":6125,"path":6126,"stem":6127},"INT08-C. Verify that all integer values are in range","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F08.int08-c",{"title":6129,"path":6130,"stem":6131},"INT09-C. Ensure enumeration constants map to unique values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F09.int09-c",{"title":6133,"path":6134,"stem":6135},"INT10-C. Do not assume a positive remainder when using the % operator","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F10.int10-c",{"title":6137,"path":6138,"stem":6139},"INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F11.int12-c",{"title":6141,"path":6142,"stem":6143},"INT13-C. Use bitwise operators only on unsigned operands","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F12.int13-c",{"title":6145,"path":6146,"stem":6147},"INT14-C. Avoid performing bitwise and arithmetic operations on the same data","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint14-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F13.int14-c",{"title":6149,"path":6150,"stem":6151},"INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint15-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F14.int15-c",{"title":6153,"path":6154,"stem":6155},"INT16-C. Do not make assumptions about representation of signed integers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint16-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F15.int16-c",{"title":6157,"path":6158,"stem":6159},"INT17-C. Define integer constants in an implementation-independent manner","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint17-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F16.int17-c",{"title":6161,"path":6162,"stem":6163},"INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint18-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F17.int18-c",{"title":5134,"path":6165,"stem":6166,"children":6167},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F01.index",[6168,6169,6173,6177,6181,6185,6189,6193,6197,6201,6205,6209],{"title":5134,"path":6165,"stem":6166},{"title":6170,"path":6171,"stem":6172},"MEM00-C. Allocate and free memory in the same module, at the same level of abstraction","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F02.mem00-c",{"title":6174,"path":6175,"stem":6176},"MEM01-C. Store a new value in pointers immediately after free()","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F03.mem01-c",{"title":6178,"path":6179,"stem":6180},"MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F04.mem02-c",{"title":6182,"path":6183,"stem":6184},"MEM03-C. Clear sensitive information stored in reusable resources","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F05.mem03-c",{"title":6186,"path":6187,"stem":6188},"MEM04-C. Beware of zero-length allocations","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F06.mem04-c",{"title":6190,"path":6191,"stem":6192},"MEM05-C. Avoid large stack allocations","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F07.mem05-c",{"title":6194,"path":6195,"stem":6196},"MEM06-C. Ensure that sensitive data is not written out to disk","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F08.mem06-c",{"title":6198,"path":6199,"stem":6200},"MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F09.mem07-c",{"title":6202,"path":6203,"stem":6204},"MEM10-C. Define and use a pointer validation function","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F10.mem10-c",{"title":6206,"path":6207,"stem":6208},"MEM11-C. Do not assume infinite heap space","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F11.mem11-c",{"title":6210,"path":6211,"stem":6212},"MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F12.mem12-c",{"title":5164,"path":6214,"stem":6215,"children":6216},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F1.index",[6217,6218,6222,6226,6230,6234],{"title":5164,"path":6214,"stem":6215},{"title":6219,"path":6220,"stem":6221},"WIN00-C. Be specific when dynamically loading libraries","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win\u002Fwin00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F2.win00-c",{"title":6223,"path":6224,"stem":6225},"WIN01-C. Do not forcibly terminate execution","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win\u002Fwin01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F3.win01-c",{"title":6227,"path":6228,"stem":6229},"WIN02-C. Restrict privileges when spawning child processes","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win\u002Fwin02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F4.win02-c",{"title":6231,"path":6232,"stem":6233},"WIN03-C. Understand HANDLE inheritance","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win\u002Fwin03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F5.win03-c",{"title":6235,"path":6236,"stem":6237},"WIN04-C. Consider encrypting function pointers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win\u002Fwin04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F6.win04-c",{"title":5174,"path":6239,"stem":6240,"children":6241},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F01.index",[6242,6243,6247,6251,6255,6259,6263,6267,6271,6275,6279,6283,6287,6291,6295,6299,6303,6307,6309,6313,6317,6321,6325],{"title":5174,"path":6239,"stem":6240},{"title":6244,"path":6245,"stem":6246},"MSC00-C. Compile cleanly at high warning levels","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F02.msc00-c",{"title":6248,"path":6249,"stem":6250},"MSC01-C. Strive for logical completeness","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F03.msc01-c",{"title":6252,"path":6253,"stem":6254},"MSC04-C. Use comments consistently and in a readable fashion","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F04.msc04-c",{"title":6256,"path":6257,"stem":6258},"MSC05-C. Do not manipulate time_t typed values directly","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F05.msc05-c",{"title":6260,"path":6261,"stem":6262},"MSC06-C. Beware of compiler optimizations","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F06.msc06-c",{"title":6264,"path":6265,"stem":6266},"MSC07-C. Detect and remove dead code","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F07.msc07-c",{"title":6268,"path":6269,"stem":6270},"UTF8-related issues","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Futf8-related-issues","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F08.utf8-related-issues",{"title":6272,"path":6273,"stem":6274},"MSC11-C. Incorporate diagnostic tests using assertions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F09.msc11-c",{"title":6276,"path":6277,"stem":6278},"MSC12-C. Detect and remove code that has no effect or is never executed","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F10.msc12-c",{"title":6280,"path":6281,"stem":6282},"MSC13-C. Detect and remove unused values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F11.msc13-c",{"title":6284,"path":6285,"stem":6286},"MSC14-C. Do not introduce unnecessary platform dependencies","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc14-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F12.msc14-c",{"title":6288,"path":6289,"stem":6290},"MSC15-C. Do not depend on undefined behavior","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc15-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F13.msc15-c",{"title":6292,"path":6293,"stem":6294},"MSC17-C. Finish every set of statements associated with a case label with a break statement","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc17-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F14.msc17-c",{"title":6296,"path":6297,"stem":6298},"MSC18-C. Be careful while handling sensitive data, such as passwords, in program code","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc18-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F15.msc18-c",{"title":6300,"path":6301,"stem":6302},"MSC19-C. For functions that return an array, prefer returning an empty array over a null value","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc19-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F16.msc19-c",{"title":6304,"path":6305,"stem":6306},"MSC20-C. Do not use a switch statement to transfer control into a complex block","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc20-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F17.msc20-c",{"title":2157,"path":2156,"stem":6308},"4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F18.msc21-c",{"title":6310,"path":6311,"stem":6312},"MSC22-C. Use the setjmp(), longjmp() facility securely","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc22-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F19.msc22-c",{"title":6314,"path":6315,"stem":6316},"MSC23-C. Beware of vendor-specific library and language differences","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc23-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F20.msc23-c",{"title":6318,"path":6319,"stem":6320},"MSC24-C. Do not use deprecated or obsolescent functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc24-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F21.msc24-c",{"title":6322,"path":6323,"stem":6324},"MSC25-C. Do not use insecure or weak cryptographic algorithms","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc25-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F22.msc25-c",{"title":6326,"path":6327,"stem":6328},"Use subset of ASCII for safety","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fuse-subset-of-ascii-for-safety","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F23.use-subset-of-ascii-for-safety",{"title":5212,"path":6330,"stem":6331,"children":6332},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fposix-pos","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F16.posix-pos\u002F1.index",[6333,6334,6338,6342,6346],{"title":5212,"path":6330,"stem":6331},{"title":6335,"path":6336,"stem":6337},"POS01-C. Check for the existence of links when dealing with files","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fposix-pos\u002Fpos01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F16.posix-pos\u002F2.pos01-c",{"title":6339,"path":6340,"stem":6341},"POS02-C. Follow the principle of least privilege","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fposix-pos\u002Fpos02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F16.posix-pos\u002F3.pos02-c",{"title":6343,"path":6344,"stem":6345},"POS04-C. Avoid using PTHREAD_MUTEX_NORMAL type mutex locks","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fposix-pos\u002Fpos04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F16.posix-pos\u002F4.pos04-c",{"title":6347,"path":6348,"stem":6349},"POS05-C. Limit access to files by creating a jail","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fposix-pos\u002Fpos05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F16.posix-pos\u002F5.pos05-c",{"title":5282,"path":6351,"stem":6352,"children":6353},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F01.index",[6354,6355,6359,6363,6367,6371,6375,6379,6383,6387,6391,6395,6399,6403],{"title":5282,"path":6351,"stem":6352},{"title":6356,"path":6357,"stem":6358},"PRE00-C. Prefer inline or static functions to function-like macros","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F02.pre00-c",{"title":6360,"path":6361,"stem":6362},"PRE01-C. Use parentheses within macros around parameter names","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F03.pre01-c",{"title":6364,"path":6365,"stem":6366},"PRE02-C. Macro replacement lists should be parenthesized","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F04.pre02-c",{"title":6368,"path":6369,"stem":6370},"PRE04-C. Do not reuse a standard header file name","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F05.pre04-c",{"title":6372,"path":6373,"stem":6374},"PRE05-C. Understand macro replacement when concatenating tokens or performing stringification","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F06.pre05-c",{"title":6376,"path":6377,"stem":6378},"PRE06-C. Enclose header files in an include guard","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F07.pre06-c",{"title":6380,"path":6381,"stem":6382},"PRE07-C. Avoid using repeated question marks","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F08.pre07-c",{"title":6384,"path":6385,"stem":6386},"PRE08-C. Guarantee that header file names are unique","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F09.pre08-c",{"title":6388,"path":6389,"stem":6390},"PRE09-C. Do not replace secure functions with deprecated or obsolescent functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F10.pre09-c",{"title":6392,"path":6393,"stem":6394},"PRE10-C. Wrap multistatement macros in a do-while loop","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F11.pre10-c",{"title":6396,"path":6397,"stem":6398},"PRE11-C. Do not conclude macro definitions with a semicolon","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F12.pre11-c",{"title":6400,"path":6401,"stem":6402},"PRE12-C. Do not define unsafe macros","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F13.pre12-c",{"title":6404,"path":6405,"stem":6406},"PRE13-C. Use the Standard predefined macros to test for versions and features.","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F14.pre13-c",{"title":5300,"path":6408,"stem":6409,"children":6410},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fsignals-sig","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F18.signals-sig\u002F1.index",[6411,6412,6416,6420],{"title":5300,"path":6408,"stem":6409},{"title":6413,"path":6414,"stem":6415},"SIG00-C. Mask signals handled by noninterruptible signal handlers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fsignals-sig\u002Fsig00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F18.signals-sig\u002F2.sig00-c",{"title":6417,"path":6418,"stem":6419},"SIG01-C. Understand implementation-specific details regarding signal handler persistence","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fsignals-sig\u002Fsig01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F18.signals-sig\u002F3.sig01-c",{"title":6421,"path":6422,"stem":6423},"SIG02-C. Avoid using signals to implement normal functionality","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fsignals-sig\u002Fsig02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F18.signals-sig\u002F4.sig02-c",{"title":6425,"path":6426,"stem":6427},"CERT manifest files","\u002Fsei-cert-c-coding-standard\u002Fcert-manifest-files","4.sei-cert-c-coding-standard\u002F09.cert-manifest-files",1775657796988]