[{"data":1,"prerenderedAt":6419},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr38-c":28,"surround-\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr38-c":4641,"sidebar-sei-cert-c-coding-standard":4648},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":4630,"extension":4631,"meta":4632,"navigation":7,"path":2975,"seo":4638,"stem":4639,"__hash__":4640},"content\u002F4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F6.arr38-c.md","ARR38-C. Guarantee that library functions do not form invalid pointers",{"type":32,"value":33,"toc":4594},"minimark",[34,38,48,61,64,185,243,248,251,632,655,658,663,680,841,845,879,1015,1019,1029,1144,1148,1156,1251,1254,1276,1388,1391,1397,1491,1495,1498,1609,1612,1616,1625,1710,1714,1720,1828,1832,1835,1895,1900,1904,1927,2078,2082,2091,2219,2223,2289,2432,2436,2442,2565,2569,2578,2581,2917,2932,2982,2986,2992,3329,3333,3341,3401,3405,3995,3999,4010,4022,4026,4033,4246,4250,4256,4260,4263,4268,4271,4276,4279,4284,4289,4293,4296,4300,4303,4306,4309,4312,4317,4320,4325,4328,4333,4338,4342,4345,4350,4353,4358,4361,4366,4370,4373,4375,4377,4380,4385,4390,4395,4400,4405,4410,4413,4418,4421,4426,4430,4433,4438,4442,4445,4451,4456,4459,4465,4470,4475,4480,4483,4488,4493,4498,4502,4506,4566,4569,4590],[35,36,30],"h1",{"id":37},"arr38-c-guarantee-that-library-functions-do-not-form-invalid-pointers",[39,40,41,42,47],"p",{},"C library functions that make changes to arrays or objects take at least two arguments: a pointer to the array or object and an integer indicating the number of elements or bytes to be manipulated. For the purposes of this rule, the element count of a pointer is the size of the object to which it points, expressed by the number of elements that are valid to access. Supplying arguments to such a function might cause the function to form a pointer that does not point into or just past the end of the object, resulting in ",[43,44,46],"a",{"href":45},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fbb-definitions#BB.Definitions-undefinedbehavior","undefined behavior"," .",[39,49,50,51,55,56,60],{},"Annex J of the C Standard [ ",[43,52,54],{"href":53},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-ISO\u002FIEC9899-2024","ISO\u002FIEC 9899:2024"," ] states that it is undefined behavior if the \"pointer passed to a library function array parameter does not have a value such that all address computations and object accesses are valid.\" (See ",[43,57,59],{"href":58},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fcc-undefined-behavior#CC.UndefinedBehavior-ub_108","undefined behavior 108"," .)",[39,62,63],{},"In the following code,",[65,66,71],"pre",{"className":67,"code":68,"language":69,"meta":70,"style":70},"language-java shiki shiki-themes github-light github-dark monokai","int arr[5];\nint *p = arr;\n\nunsigned char *p2 = (unsigned char *)arr;\nunsigned char *p3 = arr + 2;\nvoid *p4 = arr;\n","java","",[72,73,74,94,112,118,144,170],"code",{"__ignoreMap":70},[75,76,79,83,87,91],"span",{"class":77,"line":78},"line",1,[75,80,82],{"class":81},"sq6CD","int",[75,84,86],{"class":85},"sMOD_"," arr[",[75,88,90],{"class":89},"s7F3e","5",[75,92,93],{"class":85},"];\n",[75,95,97,99,103,106,109],{"class":77,"line":96},2,[75,98,82],{"class":81},[75,100,102],{"class":101},"sC2Qs"," *",[75,104,105],{"class":85},"p ",[75,107,108],{"class":101},"=",[75,110,111],{"class":85}," arr;\n",[75,113,115],{"class":77,"line":114},3,[75,116,117],{"emptyLinePlaceholder":7},"\n",[75,119,121,124,127,129,132,134,137,139,141],{"class":77,"line":120},4,[75,122,123],{"class":85},"unsigned ",[75,125,126],{"class":81},"char",[75,128,102],{"class":101},[75,130,131],{"class":85},"p2 ",[75,133,108],{"class":101},[75,135,136],{"class":85}," (unsigned ",[75,138,126],{"class":81},[75,140,102],{"class":101},[75,142,143],{"class":85},")arr;\n",[75,145,147,149,151,153,156,158,161,164,167],{"class":77,"line":146},5,[75,148,123],{"class":85},[75,150,126],{"class":81},[75,152,102],{"class":101},[75,154,155],{"class":85},"p3 ",[75,157,108],{"class":101},[75,159,160],{"class":85}," arr ",[75,162,163],{"class":101},"+",[75,165,166],{"class":89}," 2",[75,168,169],{"class":85},";\n",[75,171,173,176,178,181,183],{"class":77,"line":172},6,[75,174,175],{"class":81},"void",[75,177,102],{"class":101},[75,179,180],{"class":85},"p4 ",[75,182,108],{"class":101},[75,184,111],{"class":85},[39,186,187,188,190,191,194,195,197,198,190,201,194,204,207,208,211,212,190,215,218,219,221,222,224,225,228,229,232,233,236,237,240,241,47],{},"the element count of the pointer ",[72,189,39],{}," is ",[72,192,193],{},"  sizeof(arr) \u002F sizeof(arr[0]) "," , that is, ",[72,196,90],{}," . The element count of the pointer ",[72,199,200],{},"p2",[72,202,203],{},"sizeof(arr)",[72,205,206],{},"20"," , on implementations where ",[72,209,210],{},"  sizeof(int) == 4 "," . The element count of the pointer ",[72,213,214],{},"p3",[72,216,217],{},"12"," on implementations where ",[72,220,210],{}," , because ",[72,223,214],{}," points two elements past the start of the array ",[72,226,227],{},"arr"," .  The element count of ",[72,230,231],{},"p4"," is treated as though it were ",[72,234,235],{},"  unsigned char * "," instead of ",[72,238,239],{},"  void * "," , so it is the same as ",[72,242,200],{},[244,245,247],"h2",{"id":246},"pointer-integer","Pointer + Integer",[39,249,250],{},"The following standard library functions take a pointer argument and a size argument, with the constraint that the pointer must point to a valid memory object of at least the number of elements indicated by the size argument.",[252,253,254,269],"table",{},[255,256,257],"thead",{},[258,259,260,263,265,267],"tr",{},[261,262],"th",{},[261,264],{},[261,266],{},[261,268],{},[270,271,272,306,340,368,390,412,434,456,478,500,522,544,566,588,610],"tbody",{},[258,273,274,280,285,298],{},[275,276,277],"td",{},[72,278,279],{},"fgets()",[275,281,282],{},[72,283,284],{},"fgetws()",[275,286,287,290,291],{},[72,288,289],{},"mbstowcs()"," ",[292,293,294,295],"sup",{},"1 ",[72,296,297],{},"      ",[275,299,300,290,303],{},[72,301,302],{},"wcstombs()",[292,304,305],{},"1",[258,307,308,318,326,333],{},[275,309,310,290,313],{},[72,311,312],{},"mbrtoc16()",[292,314,315,316],{},"2 ",[72,317,297],{},[275,319,320,290,323],{},[72,321,322],{},"mbrtoc32()",[292,324,325],{},"2",[275,327,328,290,331],{},[72,329,330],{},"mbsrtowcs()",[292,332,305],{},[275,334,335,290,338],{},[72,336,337],{},"wcsrtombs()",[292,339,305],{},[258,341,342,351,358,363],{},[275,343,344,290,347],{},[72,345,346],{},"mbtowc()",[292,348,315,349],{},[72,350,297],{},[275,352,353,290,356],{},[72,354,355],{},"mbrtowc()",[292,357,325],{},[275,359,360],{},[72,361,362],{},"mblen()",[275,364,365],{},[72,366,367],{},"mbrlen()",[258,369,370,375,380,385],{},[275,371,372],{},[72,373,374],{},"memchr()",[275,376,377],{},[72,378,379],{},"wmemchr()",[275,381,382],{},[72,383,384],{},"memset()",[275,386,387],{},[72,388,389],{},"wmemset()",[258,391,392,397,402,407],{},[275,393,394],{},[72,395,396],{},"strftime()",[275,398,399],{},[72,400,401],{},"wcsftime()",[275,403,404],{},[72,405,406],{},"     strxfrm()             1          ",[275,408,409],{},[72,410,411],{},"     wcsxfrm()             1          ",[258,413,414,419,424,429],{},[275,415,416],{},[72,417,418],{},"     strncat()             2          ",[275,420,421],{},[72,422,423],{},"     wcsncat()             2          ",[275,425,426],{},[72,427,428],{},"     snprintf()    ",[275,430,431],{},[72,432,433],{},"     vsnprintf()    ",[258,435,436,441,446,451],{},[275,437,438],{},[72,439,440],{},"swprintf()",[275,442,443],{},[72,444,445],{},"vswprintf()",[275,447,448],{},[72,449,450],{},"setvbuf()",[275,452,453],{},[72,454,455],{},"tmpnam_s()",[258,457,458,463,468,473],{},[275,459,460],{},[72,461,462],{},"snprintf_s()",[275,464,465],{},[72,466,467],{},"sprintf_s()",[275,469,470],{},[72,471,472],{},"vsnprintf_s()",[275,474,475],{},[72,476,477],{},"vsprintf_s()",[258,479,480,485,490,495],{},[275,481,482],{},[72,483,484],{},"gets_s()",[275,486,487],{},[72,488,489],{},"getenv_s()",[275,491,492],{},[72,493,494],{},"wctomb_s()",[275,496,497],{},[72,498,499],{},"     mbstowcs_s()             3          ",[258,501,502,507,512,517],{},[275,503,504],{},[72,505,506],{},"     wcstombs_s()             3          ",[275,508,509],{},[72,510,511],{},"     memcpy_s()             3          ",[275,513,514],{},[72,515,516],{},"     memmove_s()             3          ",[275,518,519],{},[72,520,521],{},"     strncpy_s()             3          ",[258,523,524,529,534,539],{},[275,525,526],{},[72,527,528],{},"     strncat_s()             3          ",[275,530,531],{},[72,532,533],{},"     strtok_s()             2          ",[275,535,536],{},[72,537,538],{},"     strerror_s()    ",[275,540,541],{},[72,542,543],{},"     strnlen_s()    ",[258,545,546,551,556,561],{},[275,547,548],{},[72,549,550],{},"asctime_s()",[275,552,553],{},[72,554,555],{},"ctime_s()",[275,557,558],{},[72,559,560],{},"snwprintf_s()",[275,562,563],{},[72,564,565],{},"swprintf_s()",[258,567,568,573,578,583],{},[275,569,570],{},[72,571,572],{},"vsnwprintf_s()",[275,574,575],{},[72,576,577],{},"vswprintf_s()",[275,579,580],{},[72,581,582],{},"     wcsncpy_s()             3          ",[275,584,585],{},[72,586,587],{},"     wmemcpy_s()             3          ",[258,589,590,595,600,605],{},[275,591,592],{},[72,593,594],{},"     wmemmove_s()             3          ",[275,596,597],{},[72,598,599],{},"     wcsncat_s()             3          ",[275,601,602],{},[72,603,604],{},"     wcstok_s()             2          ",[275,606,607],{},[72,608,609],{},"     wcsnlen_s()    ",[258,611,612,617,622,627],{},[275,613,614],{},[72,615,616],{},"wcrtomb_s()",[275,618,619],{},[72,620,621],{},"     mbsrtowcs_s()             3          ",[275,623,624],{},[72,625,626],{},"     wcsrtombs_s()             3          ",[275,628,629],{},[72,630,631],{},"     memset_s()             4          ",[39,633,634,636,637,640,642,643,645,648,649,651,654],{},[292,635,305],{}," Takes two pointers and an integer, but the integer specifies the element count only of the output buffer, not of the input buffer.",[638,639],"br",{},[292,641,325],{}," Takes two pointers and an integer, but the integer specifies the element count only of the input buffer, not of the output buffer.",[638,644],{},[292,646,647],{},"3"," Takes two pointers and two integers; each integer corresponds to the element count of one of the pointers.",[638,650],{},[292,652,653],{},"4"," Takes a pointer and two size-related integers; the first size-related integer parameter specifies the number of bytes available in the buffer; the second size-related integer parameter specifies the number of bytes to write within the buffer.",[39,656,657],{},"For calls that take a pointer and an integer size, the given size should not be greater than the element count of the pointer.",[659,660,662],"h3",{"id":661},"noncompliant-code-example-element-count","Noncompliant Code Example (Element Count)",[39,664,665,666,669,670,673,674,676,677,47],{},"In this noncompliant code example, the incorrect element count is used in a call to ",[72,667,668],{},"wmemcpy()"," . The ",[72,671,672],{},"sizeof"," operator returns the size expressed in bytes, but ",[72,675,668],{}," uses an element count based on ",[72,678,679],{},"  wchar_t * ",[681,682,684],"code-block",{"quality":683},"bad",[65,685,687],{"className":67,"code":686,"language":69,"meta":70,"style":70},"#include \u003Cstring.h>\n#include \u003Cwchar.h>\n \nstatic const char str[] = \"Hello world\";\nstatic const wchar_t w_str[] = L\"Hello world\";\nvoid func(void) {\n  char buffer[32];\n  wchar_t w_buffer[32];\n  memcpy(buffer, str, sizeof(str)); \u002F* Compliant *\u002F\n  wmemcpy(w_buffer, w_str, sizeof(w_str)); \u002F* Noncompliant *\u002F\n}\n",[72,688,689,703,714,719,741,760,776,790,800,818,835],{"__ignoreMap":70},[75,690,691,694,697,700],{"class":77,"line":78},[75,692,693],{"class":85},"#include ",[75,695,696],{"class":101},"\u003C",[75,698,699],{"class":85},"string.h",[75,701,702],{"class":101},">\n",[75,704,705,707,709,712],{"class":77,"line":96},[75,706,693],{"class":85},[75,708,696],{"class":101},[75,710,711],{"class":85},"wchar.h",[75,713,702],{"class":101},[75,715,716],{"class":77,"line":114},[75,717,718],{"class":85}," \n",[75,720,721,724,727,730,733,735,739],{"class":77,"line":120},[75,722,723],{"class":101},"static",[75,725,726],{"class":101}," const",[75,728,729],{"class":81}," char",[75,731,732],{"class":85}," str[] ",[75,734,108],{"class":101},[75,736,738],{"class":737},"sstjo"," \"Hello world\"",[75,740,169],{"class":85},[75,742,743,745,747,750,752,755,758],{"class":77,"line":146},[75,744,723],{"class":101},[75,746,726],{"class":101},[75,748,749],{"class":85}," wchar_t w_str[] ",[75,751,108],{"class":101},[75,753,754],{"class":85}," L",[75,756,757],{"class":737},"\"Hello world\"",[75,759,169],{"class":85},[75,761,762,764,768,771,773],{"class":77,"line":172},[75,763,175],{"class":81},[75,765,767],{"class":766},"srTi1"," func",[75,769,770],{"class":85},"(",[75,772,175],{"class":81},[75,774,775],{"class":85},") {\n",[75,777,779,782,785,788],{"class":77,"line":778},7,[75,780,781],{"class":81},"  char",[75,783,784],{"class":85}," buffer[",[75,786,787],{"class":89},"32",[75,789,93],{"class":85},[75,791,793,796,798],{"class":77,"line":792},8,[75,794,795],{"class":85},"  wchar_t w_buffer[",[75,797,787],{"class":89},[75,799,93],{"class":85},[75,801,803,806,809,811,814],{"class":77,"line":802},9,[75,804,805],{"class":766},"  memcpy",[75,807,808],{"class":85},"(buffer, str, ",[75,810,672],{"class":766},[75,812,813],{"class":85},"(str)); ",[75,815,817],{"class":816},"s8-w5","\u002F* Compliant *\u002F\n",[75,819,821,824,827,829,832],{"class":77,"line":820},10,[75,822,823],{"class":766},"  wmemcpy",[75,825,826],{"class":85},"(w_buffer, w_str, ",[75,828,672],{"class":766},[75,830,831],{"class":85},"(w_str)); ",[75,833,834],{"class":816},"\u002F* Noncompliant *\u002F\n",[75,836,838],{"class":77,"line":837},11,[75,839,840],{"class":85},"}\n",[659,842,844],{"id":843},"compliant-solution-element-count","Compliant Solution (Element Count)",[39,846,847,848,851,852,854,855,851,857,859,860,862,863,866,867,870,871,874,875,878],{},"When using functions that operate on pointed-to regions, programmers must always express the integer size in terms of the element count expected by the function. For example, ",[72,849,850],{},"memcpy()"," expects the element count expressed in terms of ",[72,853,239],{}," , but ",[72,856,668],{},[72,858,679],{}," .  Instead of the ",[72,861,672],{}," operator, functions that return the number of elements in the string are called, which matches the expected element count for the copy functions. In the case of this compliant solution, where the argument is an array ",[72,864,865],{},"A"," of type ",[72,868,869],{},"T"," , the expression ",[72,872,873],{},"  sizeof(A) \u002F sizeof(T) "," , or equivalently ",[72,876,877],{},"  sizeof(A) \u002F sizeof(*A) "," , can be used to compute the number of elements in the array.",[681,880,882],{"quality":881},"good",[65,883,885],{"className":67,"code":884,"language":69,"meta":70,"style":70},"#include \u003Cstring.h>\n#include \u003Cwchar.h>\n \nstatic const char str[] = \"Hello world\";\nstatic const wchar_t w_str[] = L\"Hello world\";\nvoid func(void) {\n  char buffer[32];\n  wchar_t w_buffer[32];\n  memcpy(buffer, str, strlen(str) + 1);\n  wmemcpy(w_buffer, w_str, wcslen(w_str) + 1);\n} \n",[72,886,887,897,907,911,927,943,955,965,973,993,1011],{"__ignoreMap":70},[75,888,889,891,893,895],{"class":77,"line":78},[75,890,693],{"class":85},[75,892,696],{"class":101},[75,894,699],{"class":85},[75,896,702],{"class":101},[75,898,899,901,903,905],{"class":77,"line":96},[75,900,693],{"class":85},[75,902,696],{"class":101},[75,904,711],{"class":85},[75,906,702],{"class":101},[75,908,909],{"class":77,"line":114},[75,910,718],{"class":85},[75,912,913,915,917,919,921,923,925],{"class":77,"line":120},[75,914,723],{"class":101},[75,916,726],{"class":101},[75,918,729],{"class":81},[75,920,732],{"class":85},[75,922,108],{"class":101},[75,924,738],{"class":737},[75,926,169],{"class":85},[75,928,929,931,933,935,937,939,941],{"class":77,"line":146},[75,930,723],{"class":101},[75,932,726],{"class":101},[75,934,749],{"class":85},[75,936,108],{"class":101},[75,938,754],{"class":85},[75,940,757],{"class":737},[75,942,169],{"class":85},[75,944,945,947,949,951,953],{"class":77,"line":172},[75,946,175],{"class":81},[75,948,767],{"class":766},[75,950,770],{"class":85},[75,952,175],{"class":81},[75,954,775],{"class":85},[75,956,957,959,961,963],{"class":77,"line":778},[75,958,781],{"class":81},[75,960,784],{"class":85},[75,962,787],{"class":89},[75,964,93],{"class":85},[75,966,967,969,971],{"class":77,"line":792},[75,968,795],{"class":85},[75,970,787],{"class":89},[75,972,93],{"class":85},[75,974,975,977,979,982,985,987,990],{"class":77,"line":802},[75,976,805],{"class":766},[75,978,808],{"class":85},[75,980,981],{"class":766},"strlen",[75,983,984],{"class":85},"(str) ",[75,986,163],{"class":101},[75,988,989],{"class":89}," 1",[75,991,992],{"class":85},");\n",[75,994,995,997,999,1002,1005,1007,1009],{"class":77,"line":820},[75,996,823],{"class":766},[75,998,826],{"class":85},[75,1000,1001],{"class":766},"wcslen",[75,1003,1004],{"class":85},"(w_str) ",[75,1006,163],{"class":101},[75,1008,989],{"class":89},[75,1010,992],{"class":85},[75,1012,1013],{"class":77,"line":837},[75,1014,840],{"class":85},[659,1016,1018],{"id":1017},"noncompliant-code-example-pointer-integer","Noncompliant Code Example (Pointer + Integer)",[39,1020,1021,1022,1025,1026,1028],{},"This noncompliant code example assigns a value greater than the number of bytes of available memory to ",[72,1023,1024],{},"n"," , which is then passed to ",[72,1027,384],{}," :",[681,1030,1031],{"quality":683},[65,1032,1034],{"className":67,"code":1033,"language":69,"meta":70,"style":70},"#include \u003Cstdlib.h>\n#include \u003Cstring.h>\n \nvoid f1(size_t nchars) {\n  char *p = (char *)malloc(nchars);\n  \u002F* ... *\u002F\n  const size_t n = nchars + 1;\n  \u002F* ... *\u002F\n  memset(p, 0, n);\n}\n",[72,1035,1036,1047,1057,1061,1071,1098,1103,1122,1126,1140],{"__ignoreMap":70},[75,1037,1038,1040,1042,1045],{"class":77,"line":78},[75,1039,693],{"class":85},[75,1041,696],{"class":101},[75,1043,1044],{"class":85},"stdlib.h",[75,1046,702],{"class":101},[75,1048,1049,1051,1053,1055],{"class":77,"line":96},[75,1050,693],{"class":85},[75,1052,696],{"class":101},[75,1054,699],{"class":85},[75,1056,702],{"class":101},[75,1058,1059],{"class":77,"line":114},[75,1060,718],{"class":85},[75,1062,1063,1065,1068],{"class":77,"line":120},[75,1064,175],{"class":81},[75,1066,1067],{"class":766}," f1",[75,1069,1070],{"class":85},"(size_t nchars) {\n",[75,1072,1073,1076,1078,1080,1082,1085,1087,1089,1092,1095],{"class":77,"line":146},[75,1074,1075],{"class":81},"  char",[75,1077,102],{"class":101},[75,1079,105],{"class":85},[75,1081,108],{"class":101},[75,1083,1084],{"class":85}," (",[75,1086,126],{"class":81},[75,1088,102],{"class":101},[75,1090,1091],{"class":85},")",[75,1093,1094],{"class":766},"malloc",[75,1096,1097],{"class":85},"(nchars);\n",[75,1099,1100],{"class":77,"line":172},[75,1101,1102],{"class":816},"  \u002F* ... *\u002F\n",[75,1104,1105,1108,1111,1113,1116,1118,1120],{"class":77,"line":778},[75,1106,1107],{"class":101},"  const",[75,1109,1110],{"class":85}," size_t n ",[75,1112,108],{"class":101},[75,1114,1115],{"class":85}," nchars ",[75,1117,163],{"class":101},[75,1119,989],{"class":89},[75,1121,169],{"class":85},[75,1123,1124],{"class":77,"line":792},[75,1125,1102],{"class":816},[75,1127,1128,1131,1134,1137],{"class":77,"line":802},[75,1129,1130],{"class":766},"  memset",[75,1132,1133],{"class":85},"(p, ",[75,1135,1136],{"class":89},"0",[75,1138,1139],{"class":85},", n);\n",[75,1141,1142],{"class":77,"line":820},[75,1143,840],{"class":85},[659,1145,1147],{"id":1146},"compliant-solution-pointer-integer","Compliant Solution (Pointer + Integer)",[39,1149,1150,1151,1153,1154,1028],{},"This compliant solution ensures that the value of ",[72,1152,1024],{}," is not greater than the number of bytes of the dynamic memory pointed to by the pointer ",[72,1155,39],{},[681,1157,1158],{"quality":881},[65,1159,1161],{"className":67,"code":1160,"language":69,"meta":70,"style":70},"#include \u003Cstdlib.h>\n#include \u003Cstring.h>\n \nvoid f1(size_t nchars) {\n  char *p = (char *)malloc(nchars);\n  \u002F* ...  *\u002F\n  const size_t n = nchars;\n  \u002F* ...  *\u002F\n  memset(p, 0, n);\n}\n",[72,1162,1163,1173,1183,1187,1195,1217,1222,1233,1237,1247],{"__ignoreMap":70},[75,1164,1165,1167,1169,1171],{"class":77,"line":78},[75,1166,693],{"class":85},[75,1168,696],{"class":101},[75,1170,1044],{"class":85},[75,1172,702],{"class":101},[75,1174,1175,1177,1179,1181],{"class":77,"line":96},[75,1176,693],{"class":85},[75,1178,696],{"class":101},[75,1180,699],{"class":85},[75,1182,702],{"class":101},[75,1184,1185],{"class":77,"line":114},[75,1186,718],{"class":85},[75,1188,1189,1191,1193],{"class":77,"line":120},[75,1190,175],{"class":81},[75,1192,1067],{"class":766},[75,1194,1070],{"class":85},[75,1196,1197,1199,1201,1203,1205,1207,1209,1211,1213,1215],{"class":77,"line":146},[75,1198,1075],{"class":81},[75,1200,102],{"class":101},[75,1202,105],{"class":85},[75,1204,108],{"class":101},[75,1206,1084],{"class":85},[75,1208,126],{"class":81},[75,1210,102],{"class":101},[75,1212,1091],{"class":85},[75,1214,1094],{"class":766},[75,1216,1097],{"class":85},[75,1218,1219],{"class":77,"line":172},[75,1220,1221],{"class":816},"  \u002F* ...  *\u002F\n",[75,1223,1224,1226,1228,1230],{"class":77,"line":778},[75,1225,1107],{"class":101},[75,1227,1110],{"class":85},[75,1229,108],{"class":101},[75,1231,1232],{"class":85}," nchars;\n",[75,1234,1235],{"class":77,"line":792},[75,1236,1221],{"class":816},[75,1238,1239,1241,1243,1245],{"class":77,"line":802},[75,1240,1130],{"class":766},[75,1242,1133],{"class":85},[75,1244,1136],{"class":89},[75,1246,1139],{"class":85},[75,1248,1249],{"class":77,"line":820},[75,1250,840],{"class":85},[659,1252,1018],{"id":1253},"noncompliant-code-example-pointer-integer-1",[39,1255,1256,1257,190,1259,1262,1263,1265,1266,236,1269,1272,1273,47],{},"In this noncompliant code example, the element count of the array ",[72,1258,43],{},[72,1260,1261],{},"ARR_SIZE"," elements. Because ",[72,1264,384],{}," expects a byte count, the size of the array is scaled incorrectly by ",[72,1267,1268],{},"sizeof(int)",[72,1270,1271],{},"sizeof(long)"," , which can form an invalid pointer on architectures where ",[72,1274,1275],{},"  sizeof(int) != sizeof(long) ",[681,1277,1278],{"quality":683},[65,1279,1281],{"className":67,"code":1280,"language":69,"meta":70,"style":70},"#include \u003Cstring.h>\n \nvoid f2(void) {\n  const size_t ARR_SIZE = 4;\n  long a[ARR_SIZE];\n  const size_t n = sizeof(int) * ARR_SIZE;\n  void *p = a;\n\n  memset(p, 0, n);\n}\n",[72,1282,1283,1293,1297,1310,1324,1332,1356,1370,1374,1384],{"__ignoreMap":70},[75,1284,1285,1287,1289,1291],{"class":77,"line":78},[75,1286,693],{"class":85},[75,1288,696],{"class":101},[75,1290,699],{"class":85},[75,1292,702],{"class":101},[75,1294,1295],{"class":77,"line":96},[75,1296,718],{"class":85},[75,1298,1299,1301,1304,1306,1308],{"class":77,"line":114},[75,1300,175],{"class":81},[75,1302,1303],{"class":766}," f2",[75,1305,770],{"class":85},[75,1307,175],{"class":81},[75,1309,775],{"class":85},[75,1311,1312,1314,1317,1319,1322],{"class":77,"line":120},[75,1313,1107],{"class":101},[75,1315,1316],{"class":85}," size_t ARR_SIZE ",[75,1318,108],{"class":101},[75,1320,1321],{"class":89}," 4",[75,1323,169],{"class":85},[75,1325,1326,1329],{"class":77,"line":146},[75,1327,1328],{"class":81},"  long",[75,1330,1331],{"class":85}," a[ARR_SIZE];\n",[75,1333,1334,1336,1338,1340,1343,1345,1347,1350,1353],{"class":77,"line":172},[75,1335,1107],{"class":101},[75,1337,1110],{"class":85},[75,1339,108],{"class":101},[75,1341,1342],{"class":766}," sizeof",[75,1344,770],{"class":85},[75,1346,82],{"class":81},[75,1348,1349],{"class":85},") ",[75,1351,1352],{"class":101},"*",[75,1354,1355],{"class":85}," ARR_SIZE;\n",[75,1357,1358,1361,1363,1365,1367],{"class":77,"line":778},[75,1359,1360],{"class":81},"  void",[75,1362,102],{"class":101},[75,1364,105],{"class":85},[75,1366,108],{"class":101},[75,1368,1369],{"class":85}," a;\n",[75,1371,1372],{"class":77,"line":792},[75,1373,117],{"emptyLinePlaceholder":7},[75,1375,1376,1378,1380,1382],{"class":77,"line":802},[75,1377,1130],{"class":766},[75,1379,1133],{"class":85},[75,1381,1136],{"class":89},[75,1383,1139],{"class":85},[75,1385,1386],{"class":77,"line":820},[75,1387,840],{"class":85},[659,1389,1147],{"id":1390},"compliant-solution-pointer-integer-1",[39,1392,1393,1394,1396],{},"In this compliant solution, the element count required by ",[72,1395,384],{}," is properly calculated without resorting to scaling:",[681,1398,1399],{"quality":881},[65,1400,1402],{"className":67,"code":1401,"language":69,"meta":70,"style":70},"#include \u003Cstring.h>\n \nvoid f2(void) {\n  const size_t ARR_SIZE = 4;\n  long a[ARR_SIZE];\n  const size_t n = sizeof(a);\n  void *p = a;\n\n  memset(p, 0, n);\n}\n",[72,1403,1404,1414,1418,1430,1442,1448,1461,1473,1477,1487],{"__ignoreMap":70},[75,1405,1406,1408,1410,1412],{"class":77,"line":78},[75,1407,693],{"class":85},[75,1409,696],{"class":101},[75,1411,699],{"class":85},[75,1413,702],{"class":101},[75,1415,1416],{"class":77,"line":96},[75,1417,718],{"class":85},[75,1419,1420,1422,1424,1426,1428],{"class":77,"line":114},[75,1421,175],{"class":81},[75,1423,1303],{"class":766},[75,1425,770],{"class":85},[75,1427,175],{"class":81},[75,1429,775],{"class":85},[75,1431,1432,1434,1436,1438,1440],{"class":77,"line":120},[75,1433,1107],{"class":101},[75,1435,1316],{"class":85},[75,1437,108],{"class":101},[75,1439,1321],{"class":89},[75,1441,169],{"class":85},[75,1443,1444,1446],{"class":77,"line":146},[75,1445,1328],{"class":81},[75,1447,1331],{"class":85},[75,1449,1450,1452,1454,1456,1458],{"class":77,"line":172},[75,1451,1107],{"class":101},[75,1453,1110],{"class":85},[75,1455,108],{"class":101},[75,1457,1342],{"class":766},[75,1459,1460],{"class":85},"(a);\n",[75,1462,1463,1465,1467,1469,1471],{"class":77,"line":778},[75,1464,1360],{"class":81},[75,1466,102],{"class":101},[75,1468,105],{"class":85},[75,1470,108],{"class":101},[75,1472,1369],{"class":85},[75,1474,1475],{"class":77,"line":792},[75,1476,117],{"emptyLinePlaceholder":7},[75,1478,1479,1481,1483,1485],{"class":77,"line":802},[75,1480,1130],{"class":766},[75,1482,1133],{"class":85},[75,1484,1136],{"class":89},[75,1486,1139],{"class":85},[75,1488,1489],{"class":77,"line":820},[75,1490,840],{"class":85},[244,1492,1494],{"id":1493},"two-pointers-one-integer","Two Pointers + One Integer",[39,1496,1497],{},"The following standard library functions take two pointer arguments and a size argument, with the constraint that both pointers must point to valid memory objects of at least the number of elements indicated by the size argument.",[252,1499,1502,1515],{"className":1500},[1501],"wrapped",[1503,1504,1505,1509,1511,1513],"colgroup",{},[1506,1507],"col",{"style":1508},"width: 25%",[1506,1510],{"style":1508},[1506,1512],{"style":1508},[1506,1514],{"style":1508},[270,1516,1517,1541,1565,1588],{},[258,1518,1521,1526,1531,1536],{"className":1519},[1520],"odd",[275,1522,1523],{},[72,1524,1525],{},"             memcpy()      ",[275,1527,1528],{},[72,1529,1530],{},"      wmemcpy()     ",[275,1532,1533],{},[72,1534,1535],{},"      memmove()     ",[275,1537,1538],{},[72,1539,1540],{},"      wmemmove()     ",[258,1542,1545,1550,1555,1560],{"className":1543},[1544],"even",[275,1546,1547],{},[72,1548,1549],{},"      strncpy()     ",[275,1551,1552],{},[72,1553,1554],{},"      wcsncpy()     ",[275,1556,1557],{},[72,1558,1559],{},"      memcmp()     ",[275,1561,1562],{},[72,1563,1564],{},"      wmemcmp()     ",[258,1566,1568,1573,1578,1583],{"className":1567},[1520],[275,1569,1570],{},[72,1571,1572],{},"      strncmp()     ",[275,1574,1575],{},[72,1576,1577],{},"      wcsncmp()     ",[275,1579,1580],{},[72,1581,1582],{},"      strcpy_s()     ",[275,1584,1585],{},[72,1586,1587],{},"      wcscpy_s()     ",[258,1589,1591,1596,1601,1605],{"className":1590},[1544],[275,1592,1593],{},[72,1594,1595],{},"      strcat_s()     ",[275,1597,1598],{},[72,1599,1600],{},"      wcscat_s()     ",[275,1602,1603],{},[638,1604],{},[275,1606,1607],{},[638,1608],{},[39,1610,1611],{},"For calls that take two pointers and an integer size, the given size should not be greater than the element count of either pointer.",[659,1613,1615],{"id":1614},"noncompliant-code-example-two-pointers-one-integer","Noncompliant Code Example (Two Pointers + One Integer)",[39,1617,1618,1619,1621,1622,1028],{},"In this noncompliant code example, the value of ",[72,1620,1024],{}," is incorrectly computed, allowing a read past the end of the object referenced by ",[72,1623,1624],{},"q",[681,1626,1627],{"quality":683},[65,1628,1630],{"className":67,"code":1629,"language":69,"meta":70,"style":70},"#include \u003Cstring.h>\n\nvoid f4() {\n  char p[40];\n  const char *q = \"Too short\";\n  size_t n = sizeof(p);\n  memcpy(p, q, n);\n}\n",[72,1631,1632,1642,1646,1656,1668,1686,1698,1706],{"__ignoreMap":70},[75,1633,1634,1636,1638,1640],{"class":77,"line":78},[75,1635,693],{"class":85},[75,1637,696],{"class":101},[75,1639,699],{"class":85},[75,1641,702],{"class":101},[75,1643,1644],{"class":77,"line":96},[75,1645,117],{"emptyLinePlaceholder":7},[75,1647,1648,1650,1653],{"class":77,"line":114},[75,1649,175],{"class":81},[75,1651,1652],{"class":766}," f4",[75,1654,1655],{"class":85},"() {\n",[75,1657,1658,1660,1663,1666],{"class":77,"line":120},[75,1659,1075],{"class":81},[75,1661,1662],{"class":85}," p[",[75,1664,1665],{"class":89},"40",[75,1667,93],{"class":85},[75,1669,1670,1672,1674,1676,1679,1681,1684],{"class":77,"line":146},[75,1671,1107],{"class":101},[75,1673,729],{"class":81},[75,1675,102],{"class":101},[75,1677,1678],{"class":85},"q ",[75,1680,108],{"class":101},[75,1682,1683],{"class":737}," \"Too short\"",[75,1685,169],{"class":85},[75,1687,1688,1691,1693,1695],{"class":77,"line":172},[75,1689,1690],{"class":85},"  size_t n ",[75,1692,108],{"class":101},[75,1694,1342],{"class":766},[75,1696,1697],{"class":85},"(p);\n",[75,1699,1700,1703],{"class":77,"line":778},[75,1701,1702],{"class":766},"  memcpy",[75,1704,1705],{"class":85},"(p, q, n);\n",[75,1707,1708],{"class":77,"line":792},[75,1709,840],{"class":85},[659,1711,1713],{"id":1712},"compliant-solution-two-pointers-one-integer","Compliant Solution (Two Pointers + One Integer)",[39,1715,1716,1717,1719],{},"This compliant solution ensures that ",[72,1718,1024],{}," is equal to the size of the character array:",[681,1721,1722],{"quality":881},[65,1723,1725],{"className":67,"code":1724,"language":69,"meta":70,"style":70},"#include \u003Cstring.h>\n\nvoid f4() {\n  char p[40];\n  const char *q = \"Too short\";\n  size_t n = sizeof(p) \u003C strlen(q) + 1 ? sizeof(p) : strlen(q) + 1;\n  memcpy(p, q, n);\n}\n",[72,1726,1727,1737,1741,1749,1759,1775,1818,1824],{"__ignoreMap":70},[75,1728,1729,1731,1733,1735],{"class":77,"line":78},[75,1730,693],{"class":85},[75,1732,696],{"class":101},[75,1734,699],{"class":85},[75,1736,702],{"class":101},[75,1738,1739],{"class":77,"line":96},[75,1740,117],{"emptyLinePlaceholder":7},[75,1742,1743,1745,1747],{"class":77,"line":114},[75,1744,175],{"class":81},[75,1746,1652],{"class":766},[75,1748,1655],{"class":85},[75,1750,1751,1753,1755,1757],{"class":77,"line":120},[75,1752,1075],{"class":81},[75,1754,1662],{"class":85},[75,1756,1665],{"class":89},[75,1758,93],{"class":85},[75,1760,1761,1763,1765,1767,1769,1771,1773],{"class":77,"line":146},[75,1762,1107],{"class":101},[75,1764,729],{"class":81},[75,1766,102],{"class":101},[75,1768,1678],{"class":85},[75,1770,108],{"class":101},[75,1772,1683],{"class":737},[75,1774,169],{"class":85},[75,1776,1777,1779,1781,1783,1786,1788,1791,1794,1796,1798,1801,1803,1805,1808,1810,1812,1814,1816],{"class":77,"line":172},[75,1778,1690],{"class":85},[75,1780,108],{"class":101},[75,1782,1342],{"class":766},[75,1784,1785],{"class":85},"(p) ",[75,1787,696],{"class":101},[75,1789,1790],{"class":766}," strlen",[75,1792,1793],{"class":85},"(q) ",[75,1795,163],{"class":101},[75,1797,989],{"class":89},[75,1799,1800],{"class":101}," ?",[75,1802,1342],{"class":766},[75,1804,1785],{"class":85},[75,1806,1807],{"class":101},":",[75,1809,1790],{"class":766},[75,1811,1793],{"class":85},[75,1813,163],{"class":101},[75,1815,989],{"class":89},[75,1817,169],{"class":85},[75,1819,1820,1822],{"class":77,"line":778},[75,1821,1702],{"class":766},[75,1823,1705],{"class":85},[75,1825,1826],{"class":77,"line":792},[75,1827,840],{"class":85},[244,1829,1831],{"id":1830},"one-pointer-two-integers","One Pointer + Two Integers",[39,1833,1834],{},"The following standard library functions take a pointer argument and two size arguments, with the constraint that the pointer must point to a valid memory object containing at least as many bytes as the product of the two size arguments.",[252,1836,1838,1848],{"className":1837},[1501],[1503,1839,1840,1842,1844,1846],{},[1506,1841],{"style":1508},[1506,1843],{"style":1508},[1506,1845],{"style":1508},[1506,1847],{"style":1508},[270,1849,1850,1873],{},[258,1851,1853,1858,1863,1868],{"className":1852},[1520],[275,1854,1855],{},[72,1856,1857],{},"      bsearch()     ",[275,1859,1860],{},[72,1861,1862],{},"      bsearch_s()     ",[275,1864,1865],{},[72,1866,1867],{},"      qsort()     ",[275,1869,1870],{},[72,1871,1872],{},"      qsort_s()     ",[258,1874,1876,1881,1886,1891],{"className":1875},[1544],[275,1877,1878],{},[72,1879,1880],{},"      fread()     ",[275,1882,1883],{},[72,1884,1885],{},"      fwrite()     ",[275,1887,1888],{},[72,1889,1890],{},"     ",[275,1892,1893],{},[638,1894],{},[39,1896,1897,1898,47],{},"For calls that take a pointer and two integers, one integer represents the number of bytes required for an individual object, and a second integer represents the number of elements in the array. The resulting product of the two integers should not be greater than the element count of the pointer were it expressed as an ",[72,1899,235],{},[659,1901,1903],{"id":1902},"noncompliant-code-example-one-pointer-two-integers","Noncompliant Code Example (One Pointer + Two Integers)",[39,1905,1906,1907,1910,1911,1914,1915,1919,1920,1922,1923,1926],{},"This noncompliant code example allocates a variable number of objects of type ",[72,1908,1909],{},"  struct obj "," . The function checks that ",[72,1912,1913],{},"num_objs"," is small enough to prevent wrapping, in compliance with ",[43,1916,1918],{"href":1917},"\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint30-c","INT30-C. Ensure that unsigned integer operations do not wrap"," . The size of ",[72,1921,1909],{}," is assumed to be 16 bytes to account for padding to achieve the assumed alignment of ",[72,1924,1925],{},"  long long "," . However, the padding typically depends on the target architecture, so this object size may be incorrect, resulting in an incorrect element count.",[681,1928,1929],{"quality":683},[65,1930,1932],{"className":67,"code":1931,"language":69,"meta":70,"style":70},"#include \u003Cstdint.h>\n#include \u003Cstdio.h>\n \nstruct obj {\n  char c;\n  long long i;\n};\n \nvoid func(FILE *f, struct obj *objs, size_t num_objs) {\n  const size_t obj_size = 16;\n  if (num_objs > (SIZE_MAX \u002F obj_size) ||\n      num_objs != fwrite(objs, obj_size, num_objs, f)) {\n    \u002F* Handle error *\u002F\n  }\n}\n",[72,1933,1934,1945,1956,1960,1965,1972,1982,1987,1991,2010,2024,2046,2061,2067,2073],{"__ignoreMap":70},[75,1935,1936,1938,1940,1943],{"class":77,"line":78},[75,1937,693],{"class":85},[75,1939,696],{"class":101},[75,1941,1942],{"class":85},"stdint.h",[75,1944,702],{"class":101},[75,1946,1947,1949,1951,1954],{"class":77,"line":96},[75,1948,693],{"class":85},[75,1950,696],{"class":101},[75,1952,1953],{"class":85},"stdio.h",[75,1955,702],{"class":101},[75,1957,1958],{"class":77,"line":114},[75,1959,718],{"class":85},[75,1961,1962],{"class":77,"line":120},[75,1963,1964],{"class":85},"struct obj {\n",[75,1966,1967,1969],{"class":77,"line":146},[75,1968,1075],{"class":81},[75,1970,1971],{"class":85}," c;\n",[75,1973,1974,1976,1979],{"class":77,"line":172},[75,1975,1328],{"class":81},[75,1977,1978],{"class":81}," long",[75,1980,1981],{"class":85}," i;\n",[75,1983,1984],{"class":77,"line":778},[75,1985,1986],{"class":85},"};\n",[75,1988,1989],{"class":77,"line":792},[75,1990,718],{"class":85},[75,1992,1993,1995,1997,2000,2002,2005,2007],{"class":77,"line":802},[75,1994,175],{"class":81},[75,1996,767],{"class":766},[75,1998,1999],{"class":85},"(FILE ",[75,2001,1352],{"class":101},[75,2003,2004],{"class":85},"f, struct obj ",[75,2006,1352],{"class":101},[75,2008,2009],{"class":85},"objs, size_t num_objs) {\n",[75,2011,2012,2014,2017,2019,2022],{"class":77,"line":820},[75,2013,1107],{"class":101},[75,2015,2016],{"class":85}," size_t obj_size ",[75,2018,108],{"class":101},[75,2020,2021],{"class":89}," 16",[75,2023,169],{"class":85},[75,2025,2026,2029,2032,2035,2038,2040,2043],{"class":77,"line":837},[75,2027,2028],{"class":101},"  if",[75,2030,2031],{"class":85}," (num_objs ",[75,2033,2034],{"class":101},">",[75,2036,2037],{"class":85}," (SIZE_MAX ",[75,2039,6],{"class":101},[75,2041,2042],{"class":85}," obj_size) ",[75,2044,2045],{"class":101},"||\n",[75,2047,2049,2052,2055,2058],{"class":77,"line":2048},12,[75,2050,2051],{"class":85},"      num_objs ",[75,2053,2054],{"class":101},"!=",[75,2056,2057],{"class":766}," fwrite",[75,2059,2060],{"class":85},"(objs, obj_size, num_objs, f)) {\n",[75,2062,2064],{"class":77,"line":2063},13,[75,2065,2066],{"class":816},"    \u002F* Handle error *\u002F\n",[75,2068,2070],{"class":77,"line":2069},14,[75,2071,2072],{"class":85},"  }\n",[75,2074,2076],{"class":77,"line":2075},15,[75,2077,840],{"class":85},[659,2079,2081],{"id":2080},"compliant-solution-one-pointer-two-integers","Compliant Solution (One Pointer + Two Integers)",[39,2083,2084,2085,2087,2088,2090],{},"This compliant solution uses the ",[72,2086,672],{}," operator to correctly provide the object size and ",[72,2089,1913],{}," to provide the element count:",[681,2092,2093],{"quality":881},[65,2094,2096],{"className":67,"code":2095,"language":69,"meta":70,"style":70},"#include \u003Cstdint.h>\n#include \u003Cstdio.h>\n \nstruct obj {\n  char c;\n  long long i;\n};\n \nvoid func(FILE *f, struct obj *objs, size_t num_objs) {\n  const size_t obj_size = sizeof *objs;\n  if (num_objs > (SIZE_MAX \u002F obj_size) ||\n      num_objs != fwrite(objs, obj_size, num_objs, f)) {\n    \u002F* Handle error *\u002F\n  }\n}\n",[72,2097,2098,2108,2118,2123,2127,2133,2141,2145,2149,2165,2181,2197,2207,2211,2215],{"__ignoreMap":70},[75,2099,2100,2102,2104,2106],{"class":77,"line":78},[75,2101,693],{"class":85},[75,2103,696],{"class":101},[75,2105,1942],{"class":85},[75,2107,702],{"class":101},[75,2109,2110,2112,2114,2116],{"class":77,"line":96},[75,2111,693],{"class":85},[75,2113,696],{"class":101},[75,2115,1953],{"class":85},[75,2117,702],{"class":101},[75,2119,2120],{"class":77,"line":114},[75,2121,2122],{"class":85}," \n",[75,2124,2125],{"class":77,"line":120},[75,2126,1964],{"class":85},[75,2128,2129,2131],{"class":77,"line":146},[75,2130,1075],{"class":81},[75,2132,1971],{"class":85},[75,2134,2135,2137,2139],{"class":77,"line":172},[75,2136,1328],{"class":81},[75,2138,1978],{"class":81},[75,2140,1981],{"class":85},[75,2142,2143],{"class":77,"line":778},[75,2144,1986],{"class":85},[75,2146,2147],{"class":77,"line":792},[75,2148,2122],{"class":85},[75,2150,2151,2153,2155,2157,2159,2161,2163],{"class":77,"line":802},[75,2152,175],{"class":81},[75,2154,767],{"class":766},[75,2156,1999],{"class":85},[75,2158,1352],{"class":101},[75,2160,2004],{"class":85},[75,2162,1352],{"class":101},[75,2164,2009],{"class":85},[75,2166,2167,2169,2171,2173,2176,2178],{"class":77,"line":820},[75,2168,1107],{"class":101},[75,2170,2016],{"class":85},[75,2172,108],{"class":101},[75,2174,2175],{"class":85}," sizeof ",[75,2177,1352],{"class":101},[75,2179,2180],{"class":85},"objs;\n",[75,2182,2183,2185,2187,2189,2191,2193,2195],{"class":77,"line":837},[75,2184,2028],{"class":101},[75,2186,2031],{"class":85},[75,2188,2034],{"class":101},[75,2190,2037],{"class":85},[75,2192,6],{"class":101},[75,2194,2042],{"class":85},[75,2196,2045],{"class":101},[75,2198,2199,2201,2203,2205],{"class":77,"line":2048},[75,2200,2051],{"class":85},[75,2202,2054],{"class":101},[75,2204,2057],{"class":766},[75,2206,2060],{"class":85},[75,2208,2209],{"class":77,"line":2063},[75,2210,2066],{"class":816},[75,2212,2213],{"class":77,"line":2069},[75,2214,2072],{"class":85},[75,2216,2217],{"class":77,"line":2075},[75,2218,840],{"class":85},[659,2220,2222],{"id":2221},"noncompliant-code-exampleone-pointer-two-integers","Noncompliant Code Example (One Pointer + Two Integers)",[39,2224,2225,2226,2229,2230,2233,2234,866,2237,2240,2241,2244,2245,2248,2249,2252,2253,2255,2256,2258,2259,2261,2262,2264,2265,2267,2268,2270,2271,2275,2276,2282,2283,2288],{},"In this noncompliant code example, the function ",[72,2227,2228],{},"f()"," calls ",[72,2231,2232],{},"fread()"," to read ",[72,2235,2236],{},"nitems",[72,2238,2239],{},"wchar_t"," , each ",[72,2242,2243],{},"size"," bytes in size, into an array of ",[72,2246,2247],{},"BUFFER_SIZE"," elements, ",[72,2250,2251],{},"wbuf"," . However, the expression used to compute the value of ",[72,2254,2236],{}," fails to account for the fact that, unlike the size of ",[72,2257,126],{}," , the size of ",[72,2260,2239],{}," may be greater than 1. Consequently, ",[72,2263,2232],{}," could attempt to form pointers past the end of ",[72,2266,2251],{}," and use them to assign values to nonexistent elements of the array. Such an attempt is ",[43,2269,46],{"href":45}," . (See ",[43,2272,2274],{"href":2273},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fcc-undefined-behavior#CC.UndefinedBehavior-ub_109","undefined behavior 109"," .) A likely consequence of this undefined behavior is a buffer overflow. For a discussion of this programming error in the Common Weakness Enumeration database, see ",[43,2277,2281],{"href":2278,"rel":2279},"http:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F121.html",[2280],"nofollow","CWE-121"," , \"Stack-based Buffer Overflow,\" and ",[43,2284,2287],{"href":2285,"rel":2286},"http:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F805.html",[2280],"CWE-805"," , \"Buffer Access with Incorrect Length Value.\"",[681,2290,2291],{"quality":683},[65,2292,2296],{"className":2293,"code":2294,"language":2295,"meta":70,"style":70},"language-c shiki shiki-themes github-light github-dark monokai","#include \u003Cstddef.h>\n#include \u003Cstdio.h>\n\nvoid f(FILE *file) {\n  enum { BUFFER_SIZE = 1024 };\n  wchar_t wbuf[BUFFER_SIZE];\n\n  const size_t size = sizeof(*wbuf);\n  const size_t nitems = sizeof(wbuf);\n\n  size_t nread = fread(wbuf, size, nitems, file);\n  \u002F* ... *\u002F\n}\n","c",[72,2297,2298,2306,2313,2317,2334,2350,2363,2367,2388,2404,2408,2424,2428],{"__ignoreMap":70},[75,2299,2300,2303],{"class":77,"line":78},[75,2301,2302],{"class":101},"#include",[75,2304,2305],{"class":737}," \u003Cstddef.h>\n",[75,2307,2308,2310],{"class":77,"line":96},[75,2309,2302],{"class":101},[75,2311,2312],{"class":737}," \u003Cstdio.h>\n",[75,2314,2315],{"class":77,"line":114},[75,2316,117],{"emptyLinePlaceholder":7},[75,2318,2319,2321,2324,2326,2328,2332],{"class":77,"line":120},[75,2320,175],{"class":81},[75,2322,2323],{"class":766}," f",[75,2325,1999],{"class":85},[75,2327,1352],{"class":101},[75,2329,2331],{"class":2330},"sTHNf","file",[75,2333,775],{"class":85},[75,2335,2336,2339,2342,2344,2347],{"class":77,"line":146},[75,2337,2338],{"class":81},"  enum",[75,2340,2341],{"class":85}," { BUFFER_SIZE ",[75,2343,108],{"class":101},[75,2345,2346],{"class":89}," 1024",[75,2348,2349],{"class":85}," };\n",[75,2351,2352,2356,2360],{"class":77,"line":172},[75,2353,2355],{"class":2354},"s-m8C","  wchar_t",[75,2357,2359],{"class":2358},"sOrwc"," wbuf",[75,2361,2362],{"class":85},"[BUFFER_SIZE];\n",[75,2364,2365],{"class":77,"line":778},[75,2366,117],{"emptyLinePlaceholder":7},[75,2368,2369,2371,2374,2377,2379,2381,2383,2385],{"class":77,"line":792},[75,2370,1107],{"class":101},[75,2372,2373],{"class":81}," size_t",[75,2375,2376],{"class":85}," size ",[75,2378,108],{"class":101},[75,2380,1342],{"class":101},[75,2382,770],{"class":85},[75,2384,1352],{"class":101},[75,2386,2387],{"class":85},"wbuf);\n",[75,2389,2390,2392,2394,2397,2399,2401],{"class":77,"line":802},[75,2391,1107],{"class":101},[75,2393,2373],{"class":81},[75,2395,2396],{"class":85}," nitems ",[75,2398,108],{"class":101},[75,2400,1342],{"class":101},[75,2402,2403],{"class":85},"(wbuf);\n",[75,2405,2406],{"class":77,"line":820},[75,2407,117],{"emptyLinePlaceholder":7},[75,2409,2410,2413,2416,2418,2421],{"class":77,"line":837},[75,2411,2412],{"class":81},"  size_t",[75,2414,2415],{"class":85}," nread ",[75,2417,108],{"class":101},[75,2419,2420],{"class":766}," fread",[75,2422,2423],{"class":85},"(wbuf, size, nitems, file);\n",[75,2425,2426],{"class":77,"line":2048},[75,2427,1102],{"class":816},[75,2429,2430],{"class":77,"line":2063},[75,2431,840],{"class":85},[659,2433,2435],{"id":2434},"compliant-solutionone-pointer-two-integers","Compliant Solution (One Pointer + Two Integers)",[39,2437,2438,2439,2441],{},"This compliant solution correctly computes the maximum number of items for ",[72,2440,2232],{}," to read from the file:",[681,2443,2444],{"quality":881},[65,2445,2447],{"className":2293,"code":2446,"language":2295,"meta":70,"style":70},"#include \u003Cstddef.h>\n#include \u003Cstdio.h>\n \nvoid f(FILE *file) {\n  enum { BUFFER_SIZE = 1024 };\n  wchar_t wbuf[BUFFER_SIZE];\n\n  const size_t size = sizeof(*wbuf);\n  const size_t nitems = sizeof(wbuf) \u002F size;\n\n  size_t nread = fread(wbuf, size, nitems, file);\n  \u002F* ... *\u002F\n}\n",[72,2448,2449,2455,2461,2465,2479,2491,2499,2503,2521,2541,2545,2557,2561],{"__ignoreMap":70},[75,2450,2451,2453],{"class":77,"line":78},[75,2452,2302],{"class":101},[75,2454,2305],{"class":737},[75,2456,2457,2459],{"class":77,"line":96},[75,2458,2302],{"class":101},[75,2460,2312],{"class":737},[75,2462,2463],{"class":77,"line":114},[75,2464,718],{"class":85},[75,2466,2467,2469,2471,2473,2475,2477],{"class":77,"line":120},[75,2468,175],{"class":81},[75,2470,2323],{"class":766},[75,2472,1999],{"class":85},[75,2474,1352],{"class":101},[75,2476,2331],{"class":2330},[75,2478,775],{"class":85},[75,2480,2481,2483,2485,2487,2489],{"class":77,"line":146},[75,2482,2338],{"class":81},[75,2484,2341],{"class":85},[75,2486,108],{"class":101},[75,2488,2346],{"class":89},[75,2490,2349],{"class":85},[75,2492,2493,2495,2497],{"class":77,"line":172},[75,2494,2355],{"class":2354},[75,2496,2359],{"class":2358},[75,2498,2362],{"class":85},[75,2500,2501],{"class":77,"line":778},[75,2502,117],{"emptyLinePlaceholder":7},[75,2504,2505,2507,2509,2511,2513,2515,2517,2519],{"class":77,"line":792},[75,2506,1107],{"class":101},[75,2508,2373],{"class":81},[75,2510,2376],{"class":85},[75,2512,108],{"class":101},[75,2514,1342],{"class":101},[75,2516,770],{"class":85},[75,2518,1352],{"class":101},[75,2520,2387],{"class":85},[75,2522,2523,2525,2527,2529,2531,2533,2536,2538],{"class":77,"line":802},[75,2524,1107],{"class":101},[75,2526,2373],{"class":81},[75,2528,2396],{"class":85},[75,2530,108],{"class":101},[75,2532,1342],{"class":101},[75,2534,2535],{"class":85},"(wbuf) ",[75,2537,6],{"class":101},[75,2539,2540],{"class":85}," size;\n",[75,2542,2543],{"class":77,"line":820},[75,2544,117],{"emptyLinePlaceholder":7},[75,2546,2547,2549,2551,2553,2555],{"class":77,"line":837},[75,2548,2412],{"class":81},[75,2550,2415],{"class":85},[75,2552,108],{"class":101},[75,2554,2420],{"class":766},[75,2556,2423],{"class":85},[75,2558,2559],{"class":77,"line":2048},[75,2560,1102],{"class":816},[75,2562,2563],{"class":77,"line":2063},[75,2564,840],{"class":85},[659,2566,2568],{"id":2567},"noncompliant-code-example-heartbleed","Noncompliant Code Example (Heartbleed)",[39,2570,2571,2572,2577],{},"CERT vulnerability ",[43,2573,2576],{"href":2574,"rel":2575},"http:\u002F\u002Fwww.kb.cert.org\u002Fvuls\u002Fid\u002F720951",[2280],"720951"," describes a vulnerability in OpenSSL versions 1.0.1 through 1.0.1f, popularly known as \"Heartbleed.\" This vulnerability allows an attacker to steal information that under normal conditions would be protected by Secure Socket Layer\u002FTransport Layer Security (SSL\u002FTLS) encryption.",[39,2579,2580],{},"Despite the seriousness of the vulnerability, Heartbleed is the result of a common programming error and an apparent lack of awareness of secure coding principles. Following is the vulnerable code:",[681,2582,2583],{"quality":683},[65,2584,2586],{"className":2293,"code":2585,"language":2295,"meta":70,"style":70},"int dtls1_process_heartbeat(SSL *s) {         \n  unsigned char *p = &s->s3->rrec.data[0], *pl;\n  unsigned short hbtype;\n  unsigned int payload;\n  unsigned int padding = 16; \u002F* Use minimum padding *\u002F\n \n  \u002F* Read type and payload length first *\u002F\n  hbtype = *p++;\n  n2s(p, payload);\n  pl = p;\n \n  \u002F* ... More code ... *\u002F\n \n  if (hbtype == TLS1_HB_REQUEST) {\n    unsigned char *buffer, *bp;\n    int r;\n \n    \u002F* \n     * Allocate memory for the response; size is 1 byte\n     * message type, plus 2 bytes payload length, plus\n     * payload, plus padding.\n     *\u002F\n    buffer = OPENSSL_malloc(1 + 2 + payload + padding);\n    bp = buffer;\n \n    \u002F* Enter response type, length, and copy payload *\u002F\n    *bp++ = TLS1_HB_RESPONSE;\n    s2n(payload, bp);\n    memcpy(bp, pl, payload);\n \n    \u002F* ... More code ... *\u002F\n  }\n  \u002F* ... More code ... *\u002F\n}\n",[72,2587,2588,2606,2635,2645,2655,2674,2678,2683,2699,2707,2717,2721,2726,2730,2743,2760,2769,2774,2780,2786,2792,2798,2804,2834,2845,2850,2856,2873,2882,2891,2896,2902,2907,2912],{"__ignoreMap":70},[75,2589,2590,2592,2595,2598,2600,2603],{"class":77,"line":78},[75,2591,82],{"class":81},[75,2593,2594],{"class":766}," dtls1_process_heartbeat",[75,2596,2597],{"class":85},"(SSL ",[75,2599,1352],{"class":101},[75,2601,2602],{"class":2330},"s",[75,2604,2605],{"class":85},") {         \n",[75,2607,2608,2611,2613,2615,2617,2619,2622,2625,2627,2630,2632],{"class":77,"line":96},[75,2609,2610],{"class":81},"  unsigned",[75,2612,729],{"class":81},[75,2614,102],{"class":101},[75,2616,105],{"class":85},[75,2618,108],{"class":101},[75,2620,2621],{"class":101}," &",[75,2623,2624],{"class":85},"s->s3->rrec.data[",[75,2626,1136],{"class":89},[75,2628,2629],{"class":85},"], ",[75,2631,1352],{"class":101},[75,2633,2634],{"class":85},"pl;\n",[75,2636,2637,2639,2642],{"class":77,"line":114},[75,2638,2610],{"class":81},[75,2640,2641],{"class":81}," short",[75,2643,2644],{"class":85}," hbtype;\n",[75,2646,2647,2649,2652],{"class":77,"line":120},[75,2648,2610],{"class":81},[75,2650,2651],{"class":81}," int",[75,2653,2654],{"class":85}," payload;\n",[75,2656,2657,2659,2661,2664,2666,2668,2671],{"class":77,"line":146},[75,2658,2610],{"class":81},[75,2660,2651],{"class":81},[75,2662,2663],{"class":85}," padding ",[75,2665,108],{"class":101},[75,2667,2021],{"class":89},[75,2669,2670],{"class":85},";",[75,2672,2673],{"class":816}," \u002F* Use minimum padding *\u002F\n",[75,2675,2676],{"class":77,"line":172},[75,2677,2122],{"class":85},[75,2679,2680],{"class":77,"line":778},[75,2681,2682],{"class":816},"  \u002F* Read type and payload length first *\u002F\n",[75,2684,2685,2688,2690,2692,2694,2697],{"class":77,"line":792},[75,2686,2687],{"class":85},"  hbtype ",[75,2689,108],{"class":101},[75,2691,102],{"class":101},[75,2693,39],{"class":85},[75,2695,2696],{"class":101},"++",[75,2698,169],{"class":85},[75,2700,2701,2704],{"class":77,"line":802},[75,2702,2703],{"class":766},"  n2s",[75,2705,2706],{"class":85},"(p, payload);\n",[75,2708,2709,2712,2714],{"class":77,"line":820},[75,2710,2711],{"class":85},"  pl ",[75,2713,108],{"class":101},[75,2715,2716],{"class":85}," p;\n",[75,2718,2719],{"class":77,"line":837},[75,2720,2122],{"class":85},[75,2722,2723],{"class":77,"line":2048},[75,2724,2725],{"class":816},"  \u002F* ... More code ... *\u002F\n",[75,2727,2728],{"class":77,"line":2063},[75,2729,2122],{"class":85},[75,2731,2732,2734,2737,2740],{"class":77,"line":2069},[75,2733,2028],{"class":101},[75,2735,2736],{"class":85}," (hbtype ",[75,2738,2739],{"class":101},"==",[75,2741,2742],{"class":85}," TLS1_HB_REQUEST) {\n",[75,2744,2745,2748,2750,2752,2755,2757],{"class":77,"line":2075},[75,2746,2747],{"class":81},"    unsigned",[75,2749,729],{"class":81},[75,2751,102],{"class":101},[75,2753,2754],{"class":85},"buffer, ",[75,2756,1352],{"class":101},[75,2758,2759],{"class":85},"bp;\n",[75,2761,2763,2766],{"class":77,"line":2762},16,[75,2764,2765],{"class":81},"    int",[75,2767,2768],{"class":85}," r;\n",[75,2770,2772],{"class":77,"line":2771},17,[75,2773,2122],{"class":85},[75,2775,2777],{"class":77,"line":2776},18,[75,2778,2779],{"class":816},"    \u002F* \n",[75,2781,2783],{"class":77,"line":2782},19,[75,2784,2785],{"class":816},"     * Allocate memory for the response; size is 1 byte\n",[75,2787,2789],{"class":77,"line":2788},20,[75,2790,2791],{"class":816},"     * message type, plus 2 bytes payload length, plus\n",[75,2793,2795],{"class":77,"line":2794},21,[75,2796,2797],{"class":816},"     * payload, plus padding.\n",[75,2799,2801],{"class":77,"line":2800},22,[75,2802,2803],{"class":816},"     *\u002F\n",[75,2805,2807,2810,2812,2815,2817,2819,2822,2824,2826,2829,2831],{"class":77,"line":2806},23,[75,2808,2809],{"class":85},"    buffer ",[75,2811,108],{"class":101},[75,2813,2814],{"class":766}," OPENSSL_malloc",[75,2816,770],{"class":85},[75,2818,305],{"class":89},[75,2820,2821],{"class":101}," +",[75,2823,166],{"class":89},[75,2825,2821],{"class":101},[75,2827,2828],{"class":85}," payload ",[75,2830,163],{"class":101},[75,2832,2833],{"class":85}," padding);\n",[75,2835,2837,2840,2842],{"class":77,"line":2836},24,[75,2838,2839],{"class":85},"    bp ",[75,2841,108],{"class":101},[75,2843,2844],{"class":85}," buffer;\n",[75,2846,2848],{"class":77,"line":2847},25,[75,2849,2122],{"class":85},[75,2851,2853],{"class":77,"line":2852},26,[75,2854,2855],{"class":816},"    \u002F* Enter response type, length, and copy payload *\u002F\n",[75,2857,2859,2862,2865,2867,2870],{"class":77,"line":2858},27,[75,2860,2861],{"class":101},"    *",[75,2863,2864],{"class":85},"bp",[75,2866,2696],{"class":101},[75,2868,2869],{"class":101}," =",[75,2871,2872],{"class":85}," TLS1_HB_RESPONSE;\n",[75,2874,2876,2879],{"class":77,"line":2875},28,[75,2877,2878],{"class":766},"    s2n",[75,2880,2881],{"class":85},"(payload, bp);\n",[75,2883,2885,2888],{"class":77,"line":2884},29,[75,2886,2887],{"class":766},"    memcpy",[75,2889,2890],{"class":85},"(bp, pl, payload);\n",[75,2892,2894],{"class":77,"line":2893},30,[75,2895,2122],{"class":85},[75,2897,2899],{"class":77,"line":2898},31,[75,2900,2901],{"class":816},"    \u002F* ... More code ... *\u002F\n",[75,2903,2905],{"class":77,"line":2904},32,[75,2906,2072],{"class":85},[75,2908,2910],{"class":77,"line":2909},33,[75,2911,2725],{"class":816},[75,2913,2915],{"class":77,"line":2914},34,[75,2916,840],{"class":85},[2918,2919,2923],"div",{"className":2920},[2921,2922,2295],"syntaxhighlighter","nogutter",[39,2924,2925,2926,2931],{},"This code processes a \"heartbeat\" packet from a client. As specified in ",[43,2927,2930],{"href":2928,"rel":2929},"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc6520",[2280],"RFC 6520"," , when the program receives a heartbeat packet, it must echo the packet's data back to the client. In addition to the data, the packet contains a length field that conventionally indicates the number of bytes in the packet data, but there is nothing to prevent a malicious packet from lying about its data length.",[39,2933,2934,2935,2937,2938,2941,2942,2945,2946,2949,2950,2952,2953,2955,2956,2958,2959,2961,2962,2966,2967,2969,2970,2972,2973,2976,2977,2981],{},"The ",[72,2936,39],{}," pointer, along with ",[72,2939,2940],{},"payload"," and ",[72,2943,2944],{},"p1"," , contains data from a packet. The code allocates a ",[72,2947,2948],{},"buffer"," sufficient to contain ",[72,2951,2940],{}," bytes, with some overhead, then copies ",[72,2954,2940],{}," bytes starting at ",[72,2957,2944],{}," into this buffer and sends it to the client. Notably absent from this code are any checks that the payload integer variable extracted from the heartbeat packet corresponds to the size of the packet data. Because the client can specify an arbitrary value of ",[72,2960,2940],{}," , an attacker can cause the server to read and return the contents of memory beyond the end of the packet data, which violates ",[43,2963,2965],{"href":2964},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint04-c","INT04-C. Enforce limits on integer values originating from tainted sources"," . The resulting call to ",[72,2968,850],{}," can then copy the contents of memory past the end of the packet data and the packet itself, potentially exposing sensitive data to the attacker. This call to ",[72,2971,850],{}," violates ",[43,2974,30],{"href":2975},"\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr38-c"," . A version of ARR38-C also appears in ",[43,2978,2980],{"href":2979},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-ISO-IECTS17961","ISO\u002FIEC TS 17961:2013"," , \"Forming invalid pointers by library functions [libptr].\" This rule would require a conforming analyzer to diagnose the Heartbleed vulnerability.",[659,2983,2985],{"id":2984},"compliant-solution-heartbleed","Compliant Solution (Heartbleed)",[39,2987,2988,2989,2991],{},"OpenSSL version 1.0.1g contains the following patch, which guarantees that ",[72,2990,2940],{}," is within a valid range. The range is limited by the size of the input record.",[681,2993,2994],{"quality":881},[65,2995,2997],{"className":2293,"code":2996,"language":2295,"meta":70,"style":70},"int dtls1_process_heartbeat(SSL *s) {         \n  unsigned char *p = &s->s3->rrec.data[0], *pl;\n  unsigned short hbtype;\n  unsigned int payload;\n  unsigned int padding = 16; \u002F* Use minimum padding *\u002F\n \n  \u002F* ... More code ... *\u002F\n \n  \u002F* Read type and payload length first *\u002F\n  if (1 + 2 + 16 > s->s3->rrec.length)\n    return 0; \u002F* Silently discard *\u002F\n  hbtype = *p++;\n  n2s(p, payload);\n  if (1 + 2 + payload + 16 > s->s3->rrec.length)\n    return 0; \u002F* Silently discard per RFC 6520 *\u002F\n  pl = p;\n \n  \u002F* ... More code ... *\u002F\n \n  if (hbtype == TLS1_HB_REQUEST) {\n    unsigned char *buffer, *bp;\n    int r;\n \n    \u002F* \n     * Allocate memory for the response; size is 1 byte\n     * message type, plus 2 bytes payload length, plus\n     * payload, plus padding.\n     *\u002F\n    buffer = OPENSSL_malloc(1 + 2 + payload + padding);\n    bp = buffer;\n    \u002F* Enter response type, length, and copy payload *\u002F\n    *bp++ = TLS1_HB_RESPONSE;\n    s2n(payload, bp);\n    memcpy(bp, pl, payload);\n    \u002F* ... More code ... *\u002F\n  }\n  \u002F* ... More code ... *\u002F\n}\n",[72,2998,2999,3013,3037,3045,3053,3069,3073,3077,3081,3085,3107,3120,3134,3140,3164,3175,3183,3187,3191,3195,3205,3219,3225,3229,3233,3237,3241,3245,3249,3273,3281,3285,3297,3303,3309,3314,3319,3324],{"__ignoreMap":70},[75,3000,3001,3003,3005,3007,3009,3011],{"class":77,"line":78},[75,3002,82],{"class":81},[75,3004,2594],{"class":766},[75,3006,2597],{"class":85},[75,3008,1352],{"class":101},[75,3010,2602],{"class":2330},[75,3012,2605],{"class":85},[75,3014,3015,3017,3019,3021,3023,3025,3027,3029,3031,3033,3035],{"class":77,"line":96},[75,3016,2610],{"class":81},[75,3018,729],{"class":81},[75,3020,102],{"class":101},[75,3022,105],{"class":85},[75,3024,108],{"class":101},[75,3026,2621],{"class":101},[75,3028,2624],{"class":85},[75,3030,1136],{"class":89},[75,3032,2629],{"class":85},[75,3034,1352],{"class":101},[75,3036,2634],{"class":85},[75,3038,3039,3041,3043],{"class":77,"line":114},[75,3040,2610],{"class":81},[75,3042,2641],{"class":81},[75,3044,2644],{"class":85},[75,3046,3047,3049,3051],{"class":77,"line":120},[75,3048,2610],{"class":81},[75,3050,2651],{"class":81},[75,3052,2654],{"class":85},[75,3054,3055,3057,3059,3061,3063,3065,3067],{"class":77,"line":146},[75,3056,2610],{"class":81},[75,3058,2651],{"class":81},[75,3060,2663],{"class":85},[75,3062,108],{"class":101},[75,3064,2021],{"class":89},[75,3066,2670],{"class":85},[75,3068,2673],{"class":816},[75,3070,3071],{"class":77,"line":172},[75,3072,2122],{"class":85},[75,3074,3075],{"class":77,"line":778},[75,3076,2725],{"class":816},[75,3078,3079],{"class":77,"line":792},[75,3080,2122],{"class":85},[75,3082,3083],{"class":77,"line":802},[75,3084,2682],{"class":816},[75,3086,3087,3089,3091,3093,3095,3097,3099,3101,3104],{"class":77,"line":820},[75,3088,2028],{"class":101},[75,3090,1084],{"class":85},[75,3092,305],{"class":89},[75,3094,2821],{"class":101},[75,3096,166],{"class":89},[75,3098,2821],{"class":101},[75,3100,2021],{"class":89},[75,3102,3103],{"class":101}," >",[75,3105,3106],{"class":85}," s->s3->rrec.length)\n",[75,3108,3109,3112,3115,3117],{"class":77,"line":837},[75,3110,3111],{"class":101},"    return",[75,3113,3114],{"class":89}," 0",[75,3116,2670],{"class":85},[75,3118,3119],{"class":816}," \u002F* Silently discard *\u002F\n",[75,3121,3122,3124,3126,3128,3130,3132],{"class":77,"line":2048},[75,3123,2687],{"class":85},[75,3125,108],{"class":101},[75,3127,102],{"class":101},[75,3129,39],{"class":85},[75,3131,2696],{"class":101},[75,3133,169],{"class":85},[75,3135,3136,3138],{"class":77,"line":2063},[75,3137,2703],{"class":766},[75,3139,2706],{"class":85},[75,3141,3142,3144,3146,3148,3150,3152,3154,3156,3158,3160,3162],{"class":77,"line":2069},[75,3143,2028],{"class":101},[75,3145,1084],{"class":85},[75,3147,305],{"class":89},[75,3149,2821],{"class":101},[75,3151,166],{"class":89},[75,3153,2821],{"class":101},[75,3155,2828],{"class":85},[75,3157,163],{"class":101},[75,3159,2021],{"class":89},[75,3161,3103],{"class":101},[75,3163,3106],{"class":85},[75,3165,3166,3168,3170,3172],{"class":77,"line":2075},[75,3167,3111],{"class":101},[75,3169,3114],{"class":89},[75,3171,2670],{"class":85},[75,3173,3174],{"class":816}," \u002F* Silently discard per RFC 6520 *\u002F\n",[75,3176,3177,3179,3181],{"class":77,"line":2762},[75,3178,2711],{"class":85},[75,3180,108],{"class":101},[75,3182,2716],{"class":85},[75,3184,3185],{"class":77,"line":2771},[75,3186,2122],{"class":85},[75,3188,3189],{"class":77,"line":2776},[75,3190,2725],{"class":816},[75,3192,3193],{"class":77,"line":2782},[75,3194,2122],{"class":85},[75,3196,3197,3199,3201,3203],{"class":77,"line":2788},[75,3198,2028],{"class":101},[75,3200,2736],{"class":85},[75,3202,2739],{"class":101},[75,3204,2742],{"class":85},[75,3206,3207,3209,3211,3213,3215,3217],{"class":77,"line":2794},[75,3208,2747],{"class":81},[75,3210,729],{"class":81},[75,3212,102],{"class":101},[75,3214,2754],{"class":85},[75,3216,1352],{"class":101},[75,3218,2759],{"class":85},[75,3220,3221,3223],{"class":77,"line":2800},[75,3222,2765],{"class":81},[75,3224,2768],{"class":85},[75,3226,3227],{"class":77,"line":2806},[75,3228,2122],{"class":85},[75,3230,3231],{"class":77,"line":2836},[75,3232,2779],{"class":816},[75,3234,3235],{"class":77,"line":2847},[75,3236,2785],{"class":816},[75,3238,3239],{"class":77,"line":2852},[75,3240,2791],{"class":816},[75,3242,3243],{"class":77,"line":2858},[75,3244,2797],{"class":816},[75,3246,3247],{"class":77,"line":2875},[75,3248,2803],{"class":816},[75,3250,3251,3253,3255,3257,3259,3261,3263,3265,3267,3269,3271],{"class":77,"line":2884},[75,3252,2809],{"class":85},[75,3254,108],{"class":101},[75,3256,2814],{"class":766},[75,3258,770],{"class":85},[75,3260,305],{"class":89},[75,3262,2821],{"class":101},[75,3264,166],{"class":89},[75,3266,2821],{"class":101},[75,3268,2828],{"class":85},[75,3270,163],{"class":101},[75,3272,2833],{"class":85},[75,3274,3275,3277,3279],{"class":77,"line":2893},[75,3276,2839],{"class":85},[75,3278,108],{"class":101},[75,3280,2844],{"class":85},[75,3282,3283],{"class":77,"line":2898},[75,3284,2855],{"class":816},[75,3286,3287,3289,3291,3293,3295],{"class":77,"line":2904},[75,3288,2861],{"class":101},[75,3290,2864],{"class":85},[75,3292,2696],{"class":101},[75,3294,2869],{"class":101},[75,3296,2872],{"class":85},[75,3298,3299,3301],{"class":77,"line":2909},[75,3300,2878],{"class":766},[75,3302,2881],{"class":85},[75,3304,3305,3307],{"class":77,"line":2914},[75,3306,2887],{"class":766},[75,3308,2890],{"class":85},[75,3310,3312],{"class":77,"line":3311},35,[75,3313,2901],{"class":816},[75,3315,3317],{"class":77,"line":3316},36,[75,3318,2072],{"class":85},[75,3320,3322],{"class":77,"line":3321},37,[75,3323,2725],{"class":816},[75,3325,3327],{"class":77,"line":3326},38,[75,3328,840],{"class":85},[244,3330,3332],{"id":3331},"risk-assessment","Risk Assessment",[39,3334,3335,3336,3340],{},"Depending on the library function called, an attacker may be able to use a heap or stack overflow ",[43,3337,3339],{"href":3338},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fbb-definitions#BB.Definitions-vulnerability","vulnerability"," to run arbitrary code.",[252,3342,3343,3344,3343,3371],{},"\n  ",[255,3345,3346,3347,3343],{},"\n    ",[258,3348,3349,3350,3349,3353,3349,3356,3349,3359,3349,3362,3349,3365,3349,3368,3346],{},"\n      ",[261,3351,3352],{},"Rule",[261,3354,3355],{},"Severity",[261,3357,3358],{},"Likelihood",[261,3360,3361],{},"Detectable",[261,3363,3364],{},"Repairable",[261,3366,3367],{},"Priority",[261,3369,3370],{},"Level",[270,3372,3346,3373,3343],{},[258,3374,3349,3375,3349,3378,3349,3381,3349,3384,3349,3387,3349,3389,3349,3396,3346],{},[275,3376,3377],{},"ARR38-C",[275,3379,3380],{},"High",[275,3382,3383],{},"Likely",[275,3385,3386],{},"No",[275,3388,3386],{},[275,3390,3392],{"style":3391},"color: #f1c40f;",[3393,3394,3395],"b",{},"P9",[275,3397,3398],{"style":3391},[3393,3399,3400],{},"L2",[659,3402,3404],{"id":3403},"automated-detection","Automated Detection",[252,3406,3408],{"className":3407},[1501],[270,3409,3410,3434,3480,3515,3544,3583,3609,3636,3669,3701,3726,3773,3792,3821,3879,3908,3939,3970],{},[258,3411,3414,3419,3424,3429],{"className":3412},[3413],"header",[261,3415,3416],{},[39,3417,3418],{},"Tool",[261,3420,3421],{},[39,3422,3423],{},"Version",[261,3425,3426],{},[39,3427,3428],{},"Checker",[261,3430,3431],{},[39,3432,3433],{},"Description",[258,3435,3437,3443,3450,3477],{"className":3436},[1520],[275,3438,3439],{},[43,3440,3442],{"href":3441},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fastree","Astrée",[275,3444,3445],{},[2918,3446,3449],{"className":3447},[3448],"content-wrapper","25.10",[275,3451,3452,3471],{},[39,3453,3454,290,3460,290,3465],{},[3455,3456,3457,3458],"strong",{},"stdlib-array-size",[638,3459],{},[3455,3461,3462,3463],{},"stdlib-string-size",[638,3464],{},[3455,3466,3467,3468,3470],{},"strcpy-limits",[638,3469],{},"\narray_out_of_bounds",[65,3472,3475],{"className":3473},[3474],"bz_comment_text",[72,3476],{},[275,3478,3479],{},"Partially checked + soundly supported",[258,3481,3483,3489,3495,3507],{"className":3482},[1544],[275,3484,3485],{},[43,3486,3488],{"href":3487},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcodesonar","CodeSonar",[275,3490,3491],{},[2918,3492,3494],{"className":3493},[3448],"9.1p0",[275,3496,3497],{},[39,3498,3499,3502,3504],{},[3455,3500,3501],{},"LANG.MEM.BO",[638,3503],{},[3455,3505,3506],{},"LANG.MEM.BU",[275,3508,3509],{},[39,3510,3511,3512,3514],{},"Buffer overrun",[638,3513],{},"\nBuffer underrun",[258,3516,3518,3526,3532,3538],{"className":3517},[1520],[275,3519,3520],{},[39,3521,3522],{},[43,3523,3525],{"href":3524},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fseccode\u002FRose","Compass\u002FROSE",[275,3527,3528],{},[39,3529,3530],{},[638,3531],{},[275,3533,3534],{},[39,3535,3536],{},[638,3537],{},[275,3539,3540],{},[39,3541,3542],{},[638,3543],{},[258,3545,3547,3553,3559,3580],{"className":3546},[1544],[275,3548,3549],{},[43,3550,3552],{"href":3551},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcoverity","Coverity",[275,3554,3555],{},[2918,3556,3558],{"className":3557},[3448],"2017.07",[275,3560,3561,3565,3570,3575],{},[39,3562,3563],{},[3455,3564,2247],{},[39,3566,3567],{},[3455,3568,3569],{},"BAD_SIZEOF",[39,3571,3572],{},[3455,3573,3574],{},"BAD_ALLOC_STRLEN",[39,3576,3577],{},[3455,3578,3579],{},"BAD_ALLOC_ARITHMETIC",[275,3581,3582],{},"Implemented",[258,3584,3586,3592,3600,3605],{"className":3585},[1520],[275,3587,3588],{},[43,3589,3591],{"href":3590},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcppcheck-premium","Cppcheck Premium",[275,3593,3594],{},[2918,3595,3597],{"className":3596},[3448],[39,3598,3599],{},"24.11.0",[275,3601,3602],{},[3455,3603,3604],{},"premium-cert-arr38-c",[275,3606,3607],{},[638,3608],{},[258,3610,3612,3620,3625,3631],{"className":3611},[1544],[275,3613,3614],{},[39,3615,3616],{},[43,3617,3619],{"href":3618},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fseccode\u002FFortify","Fortify SCA",[275,3621,3622],{},[39,3623,3624],{},"5.0",[275,3626,3627],{},[39,3628,3629],{},[638,3630],{},[275,3632,3633],{},[39,3634,3635],{},"Can detect violations of this rule with CERT C Rule Pack",[258,3637,3639,3645,3653,3665],{"className":3638},[1520],[275,3640,3641],{},[43,3642,3644],{"href":3643},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fhelix-qac","Helix QAC",[275,3646,3647],{},[2918,3648,3650],{"className":3649},[3448],[39,3651,3652],{},"2025.2",[275,3654,3655,3660],{},[39,3656,3657],{},[3455,3658,3659],{},"C2840",[39,3661,3662],{},[3455,3663,3664],{},"DF2840, DF2841, DF2842, DF2843, DF2845, DF2846, DF2847, DF2848, DF2935, DF2936, DF2937, DF2938, DF4880, DF4881, DF4882, DF4883",[275,3666,3667],{},[638,3668],{},[258,3670,3672,3680,3685,3695],{"className":3671},[1544],[275,3673,3674],{},[39,3675,3676],{},[43,3677,3679],{"href":3678},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fseccode\u002FKlocwork+Cross+Reference","Klocwork",[275,3681,3682],{},[2918,3683,3652],{"className":3684},[3448],[275,3686,3687],{},[39,3688,3689],{},[3455,3690,3691,3692,3694],{},"ABV.GENERAL",[638,3693],{},"\nABV.GENERAL.MULTIDIMENSION",[275,3696,3697],{},[39,3698,3699],{},[638,3700],{},[258,3702,3704,3710,3716,3723],{"className":3703},[1520],[275,3705,3706],{},[43,3707,3709],{"href":3708},"\u002Fsei-cert-c-coding-standard\u002Fthe-void\u002Fvoid-cert-c-rules-implemented-in-the-ldra-tool-suite","LDRA tool suite",[275,3711,3712],{},[2918,3713,3715],{"className":3714},[3448],"9.7.1",[275,3717,3718],{},[3455,3719,3720,3721],{},"64 X, 66 X, 68 X, 69 X, 70 X, 71 X, 79 X",[638,3722],{},[275,3724,3725],{},"Partially Implmented",[258,3727,3729,3735,3737,3759],{"className":3728},[1544],[275,3730,3731],{},[43,3732,3734],{"href":3733},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fparasoft","Parasoft C\u002FC++test",[275,3736,3652],{},[275,3738,3739],{},[39,3740,3741,3744,3746,3749,3751,3754,3756],{},[3455,3742,3743],{},"CERT_C-ARR38-a",[638,3745],{},[3455,3747,3748],{},"CERT_C-ARR38-b",[638,3750],{},[3455,3752,3753],{},"CERT_C-ARR38-c",[638,3755],{},[3455,3757,3758],{},"CERT_C-ARR38-d",[275,3760,3761],{},[39,3762,3763,3764,3766,3767,3769,3770,3772],{},"Avoid overflow when reading from a buffer",[638,3765],{},"\nAvoid overflow when writing to a buffer",[638,3768],{},"\nAvoid buffer overflow due to defining incorrect format limits",[638,3771],{},"\nAvoid overflow due to reading a not zero terminated string",[258,3774,3776,3781,3785,3789],{"className":3775},[1520],[275,3777,3778],{},[43,3779,3780],{"href":3733},"Parasoft Insure++",[275,3782,3783],{},[638,3784],{},[275,3786,3787],{},[638,3788],{},[275,3790,3791],{},"Runtime analysis",[258,3793,3795,3801,3809,3816],{"className":3794},[1544],[275,3796,3797],{},[43,3798,3800],{"href":3799},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpc-lint-plus","PC-lint Plus",[275,3802,3803],{},[2918,3804,3806],{"className":3805},[3448],[39,3807,3808],{},"1.4",[275,3810,3811],{},[39,3812,3813],{},[3455,3814,3815],{},"419, 420",[275,3817,3818],{},[39,3819,3820],{},"Partially supported",[258,3822,3824,3830,3838,3846],{"className":3823},[1520],[275,3825,3826],{},[43,3827,3829],{"href":3828},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpolyspace-bug-finder","Polyspace Bug Finder",[275,3831,3832],{},[2918,3833,3835],{"className":3834},[3448],[39,3836,3837],{},"R2025b",[275,3839,3840],{},[39,3841,3842],{},[43,3843,3845],{"href":3844},"https:\u002F\u002Fwww.mathworks.com\u002Fhelp\u002Fbugfinder\u002Fref\u002Fcertcrulearr38c.html","CERT C: Rule ARR38-C",[275,3847,3848,3851,3876],{},[39,3849,3850],{},"Checks for:",[3852,3853,3854,3858,3861,3864,3867,3870,3873],"ul",{},[3855,3856,3857],"li",{},"Mismatch between data length and size",[3855,3859,3860],{},"Invalid use of standard library memory routine",[3855,3862,3863],{},"Possible misuse of sizeof",[3855,3865,3866],{},"Buffer overflow from incorrect string format specifier",[3855,3868,3869],{},"Invalid use of standard library string routine",[3855,3871,3872],{},"Destination buffer overflow in string manipulation",[3855,3874,3875],{},"Destination buffer underflow in string manipulation",[39,3877,3878],{},"Rule partially covered.",[258,3880,3882,3888,3896,3903],{"className":3881},[1544],[275,3883,3884],{},[43,3885,3887],{"href":3886},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsecurity-reviewer-static-reviewer","Security Reviewer - Static Reviewer",[275,3889,3890],{},[2918,3891,3893],{"className":3892},[3448],[39,3894,3895],{},"6.02",[275,3897,3898],{},[39,3899,3900],{},[3455,3901,3902],{},"C109",[275,3904,3905],{},[39,3906,3907],{},"Fully Implemented",[258,3909,3911,3919,3927,3933],{"className":3910},[1520],[275,3912,3913],{},[39,3914,3915],{},[43,3916,3918],{"href":3917},"https:\u002F\u002Fwww.securecoding.cert.org\u002Fconfluence\u002Fdisplay\u002Fseccode\u002FSplint","Splint",[275,3920,3921],{},[2918,3922,3924],{"className":3923},[3448],[39,3925,3926],{},"3.1.1",[275,3928,3929],{},[39,3930,3931],{},[638,3932],{},[275,3934,3935],{},[39,3936,3937],{},[638,3938],{},[258,3940,3942,3948,3955,3967],{"className":3941},[1544],[275,3943,3944],{},[43,3945,3947],{"href":3946},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Frulechecker","RuleChecker",[275,3949,3950],{},[2918,3951,3953],{"className":3952},[3448],[39,3954,3449],{},[275,3956,3957,290,3961,290,3965],{},[3455,3958,3457,3959],{},[638,3960],{},[3455,3962,3462,3963],{},[638,3964],{},[3455,3966,3467],{},[275,3968,3969],{},"Partially checked",[258,3971,3973,3979,3987,3992],{"className":3972},[1520],[275,3974,3975],{},[43,3976,3978],{"href":3977},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Ftrustinsoft-analyzer","TrustInSoft Analyzer",[275,3980,3981],{},[2918,3982,3984],{"className":3983},[3448],[39,3985,3986],{},"1.38",[275,3988,3989],{},[3455,3990,3991],{},"out of bounds read",[275,3993,3994],{},"Partially verified.",[659,3996,3998],{"id":3997},"related-vulnerabilities","Related Vulnerabilities",[39,4000,4001,4006,4007,4009],{},[43,4002,4005],{"href":4003,"rel":4004},"https:\u002F\u002Fbugs.chromium.org\u002Fp\u002Fproject-zero\u002Fissues\u002Fdetail?id=820",[2280],"CVE-2016-2208"," results from a violation of this rule. The attacker can supply a value used to determine how much data is copied into a buffer via ",[72,4008,850],{}," , resulting in a buffer overlow of attacker-controlled data.",[39,4011,4012,4013,4016,4017,47],{},"Search for ",[43,4014,4015],{"href":3338},"vulnerabilities"," resulting from the violation of this rule on the ",[43,4018,4021],{"href":4019,"rel":4020},"https:\u002F\u002Fwww.kb.cert.org\u002Fvulnotes\u002Fbymetric?searchview&query=FIELD+KEYWORDS+contains+ARR38-C",[2280],"CERT website",[244,4023,4025],{"id":4024},"related-guidelines","Related Guidelines",[39,4027,4028,4032],{},[43,4029,4031],{"href":4030},"\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fhow-this-coding-standard-is-organized#HowthisCodingStandardisOrganized-RelatedGuidelines","Key here"," (explains table format and definitions)",[252,4034,4036],{"className":4035},[1501],[270,4037,4038,4056,4073,4088,4101,4113,4127,4139,4161,4176,4192,4208,4222],{},[258,4039,4041,4046,4051],{"className":4040},[3413],[261,4042,4043],{},[39,4044,4045],{},"Taxonomy",[261,4047,4048],{},[39,4049,4050],{},"Taxonomy item",[261,4052,4053],{},[39,4054,4055],{},"Relationship",[258,4057,4059,4064,4070],{"className":4058},[1520],[275,4060,4061],{},[43,4062,4063],{"href":17},"C Secure Coding Standard",[275,4065,4066],{},[43,4067,4069],{"href":4068},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi00-c","API00-C. Functions should validate their parameters",[275,4071,4072],{},"Prior to 2018-01-12: CERT: Unspecified Relationship",[258,4074,4076,4080,4086],{"className":4075},[1544],[275,4077,4078],{},[43,4079,4063],{"href":17},[275,4081,4082],{},[43,4083,4085],{"href":4084},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Farrays-arr\u002Farr01-c","ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array",[275,4087,4072],{},[258,4089,4091,4095,4099],{"className":4090},[1520],[275,4092,4093],{},[43,4094,4063],{"href":17},[275,4096,4097],{},[43,4098,1918],{"href":1917},[275,4100,4072],{},[258,4102,4104,4108,4111],{"className":4103},[1544],[275,4105,4106],{},[43,4107,2980],{"href":2979},[275,4109,4110],{},"Forming invalid pointers by library functions [libptr]",[275,4112,4072],{},[258,4114,4116,4122,4125],{"className":4115},[1520],[275,4117,4118],{},[43,4119,4121],{"href":4120},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-ISO-IECTR24772-2013","ISO\u002FIEC TR 24772:2013",[275,4123,4124],{},"Buffer Boundary Violation (Buffer Overflow) [HCB]",[275,4126,4072],{},[258,4128,4130,4134,4137],{"className":4129},[1544],[275,4131,4132],{},[43,4133,4121],{"href":4120},[275,4135,4136],{},"Unchecked Array Copying [XYW]",[275,4138,4072],{},[258,4140,4142,4148,4158],{"className":4141},[1520],[275,4143,4144],{},[43,4145,4147],{"href":4146},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Findex.html","CWE 2.11",[275,4149,4150,290,4154,4157],{},[43,4151,4153],{"href":4152},"http:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F119.html","CWE-119",[43,4155,4156],{"href":2278},","," Improper Restriction of Operations within the Bounds of a Memory Buffer",[275,4159,4160],{},"2017-05-18: CERT: Rule subset of CWE",[258,4162,4164,4168,4173],{"className":4163},[1544],[275,4165,4166],{},[43,4167,4147],{"href":4146},[275,4169,4170,4172],{},[43,4171,2281],{"href":2278}," , Stack-based Buffer Overflow",[275,4174,4175],{},"2017-05-18: CERT: Partial overlap",[258,4177,4179,4183,4190],{"className":4178},[1520],[275,4180,4181],{},[43,4182,4147],{"href":4146},[275,4184,4185,4189],{},[43,4186,4188],{"href":4187},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F123.html","CWE-123"," , Write-what-where Condition",[275,4191,4175],{},[258,4193,4195,4199,4206],{"className":4194},[1544],[275,4196,4197],{},[43,4198,4147],{"href":4146},[275,4200,4201,4205],{},[43,4202,4204],{"href":4203},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F125.html","CWE-125"," , Out-of-bounds Read",[275,4207,4175],{},[258,4209,4211,4215,4220],{"className":4210},[1520],[275,4212,4213],{},[43,4214,4147],{"href":4146},[275,4216,4217,4219],{},[43,4218,2287],{"href":2285}," , Buffer Access with Incorrect Length Value",[275,4221,4175],{},[258,4223,4225,4231,4238],{"className":4224},[1544],[275,4226,4227],{},[43,4228,4230],{"href":4229},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Farchive.html","CWE 3.1",[275,4232,4233,4237],{},[43,4234,4236],{"href":4235},"https:\u002F\u002Fcwe.mitre.org\u002Fdata\u002Fdefinitions\u002F129.html","CWE-129"," , Improper Validation of Array Index",[275,4239,4240,4243],{},[39,4241,4242],{},"2017-10-30:MITRE:Unspecified Relationship",[39,4244,4245],{},"2018-10-18:CERT: Partial Overlap",[244,4247,4249],{"id":4248},"cert-cwe-mapping-notes","CERT-CWE Mapping Notes",[39,4251,4252,4255],{},[43,4253,4031],{"href":4254},"\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fhow-this-coding-standard-is-organized#HowthisCodingStandardisOrganized-CERT-CWEMappingNotes"," for mapping notes",[659,4257,4259],{"id":4258},"cwe-121-and-arr38-c","CWE-121 and ARR38-C",[39,4261,4262],{},"Intersection( CWE-121, ARR38-C) =",[3852,4264,4265],{},[3855,4266,4267],{},"Stack buffer overflow from passing invalid arguments to library function",[39,4269,4270],{},"CWE-121 – ARR38-C =",[3852,4272,4273],{},[3855,4274,4275],{},"Stack buffer overflows from direct out-of-bounds write",[39,4277,4278],{},"ARR38-C – CWE-121 =",[3852,4280,4281],{},[3855,4282,4283],{},"Out-of-bounds read from passing invalid arguments to library function",[3852,4285,4286],{},[3855,4287,4288],{},"Buffer overflow on heap or data segment from passing invalid arguments to library function",[659,4290,4292],{"id":4291},"cwe-119-and-arr38-c","CWE-119 and ARR38-C",[39,4294,4295],{},"See CWE-119 and ARR30-C",[659,4297,4299],{"id":4298},"cwe-125-and-arr38-c","CWE-125 and ARR38-C",[39,4301,4302],{},"Independent( ARR30-C, ARR38-C, EXP39-C, INT30-C)",[39,4304,4305],{},"STR31-C = Subset( Union( ARR30-C, ARR38-C))",[39,4307,4308],{},"STR32-C = Subset( ARR38-C)",[39,4310,4311],{},"Intersection( ARR38-C, CWE-125) =",[3852,4313,4314],{},[3855,4315,4316],{},"Reading from an out-of-bounds array index or off the end of an array via standard library function",[39,4318,4319],{},"ARR38-C – CWE-125 =",[3852,4321,4322],{},[3855,4323,4324],{},"Writing to an out-of-bounds array index or off the end of an array via standard library function",[39,4326,4327],{},"CWE-125 – ARR38-C =",[3852,4329,4330],{},[3855,4331,4332],{},"Reading beyond a non-array buffer",[3852,4334,4335],{},[3855,4336,4337],{},"Reading beyond an array directly (using pointer arithmetic, or [] notation)",[659,4339,4341],{"id":4340},"cwe-805-and-arr38-c","CWE-805 and ARR38-C",[39,4343,4344],{},"Intersection( CWE-805, ARR38-C) =",[3852,4346,4347],{},[3855,4348,4349],{},"Buffer access with incorrect length via passing invalid arguments to library function",[39,4351,4352],{},"CWE-805 – ARR38-C =",[3852,4354,4355],{},[3855,4356,4357],{},"Buffer access with incorrect length directly (such as a loop construct)",[39,4359,4360],{},"ARR38-C – CWE-805 =",[3852,4362,4363],{},[3855,4364,4365],{},"Out-of-bounds read or write that does not involve incorrect length (could use incorrect offset instead), that uses library function",[659,4367,4369],{"id":4368},"cwe-123-and-arr38-c","CWE-123 and ARR38-C",[39,4371,4372],{},"Independent(ARR30-C, ARR38-C)",[39,4374,4305],{},[39,4376,4308],{},[39,4378,4379],{},"CWE-123 includes any operation that allows an attacker to write an arbitrary value to an arbitrary memory location. This could be accomplished via overwriting a pointer with data that refers to the address to write, then when the program writes to a pointed-to value, supplying a malicious value. Vulnerable pointer values can be corrupted by:",[3852,4381,4382],{},[3855,4383,4384],{},"Stack return address",[3852,4386,4387],{},[3855,4388,4389],{},"Buffer overflow on the heap (which typically overwrites back\u002Fnext pointer values)",[3852,4391,4392],{},[3855,4393,4394],{},"Write to untrusted array index (if it is also invalid)",[3852,4396,4397],{},[3855,4398,4399],{},"Format string exploit",[3852,4401,4402],{},[3855,4403,4404],{},"Overwriting a C++ object with virtual functions (because it has a virtual pointer)",[3852,4406,4407],{},[3855,4408,4409],{},"Others?",[39,4411,4412],{},"Intersection( CWE-123, ARR38-C) =",[3852,4414,4415],{},[3855,4416,4417],{},"Buffer overflow via passing invalid arguments to library function",[39,4419,4420],{},"ARR38-C – CWE-123 =",[3852,4422,4423],{},[3855,4424,4425],{},"Buffer overflow to “harmless” memory from passing invalid arguments to library function",[3852,4427,4428],{},[3855,4429,4283],{},[39,4431,4432],{},"CWE-123 – ARR38-C =",[3852,4434,4435],{},[3855,4436,4437],{},"Arbitrary writes that do not involve standard C library functions",[659,4439,4441],{"id":4440},"cwe-129-and-arr38-c","CWE-129 and ARR38-C",[39,4443,4444],{},"ARR38-C - CWE-129 = making library functions create invalid pointers without using untrusted data.",[39,4446,4447,4448],{},"E.g. : ",[72,4449,4450],{},"  char[3] array; ",[39,4452,4453],{},[72,4454,4455],{},"  strcpy(array, \"123456\"); ",[39,4457,4458],{},"CWE-129 - ARR38-C = not validating an integer used as an array index or in pointer arithmetic",[39,4460,4461,4462],{},"E.g.: ",[72,4463,4464],{},"  void foo(int i) { ",[39,4466,4467],{},[72,4468,4469],{},"  char array[3]; ",[39,4471,4472],{},[72,4473,4474],{},"  array[i]; ",[39,4476,4477],{},[72,4478,4479],{},"  } ",[39,4481,4482],{},"Intersection(ARR38-C, CWE-129) = making library functions create invalid pointers using untrusted data.",[39,4484,4485],{},[72,4486,4487],{},"  eg: void foo(int i) { ",[39,4489,4490],{},[72,4491,4492],{},"  char src[3], dest[3]; ",[39,4494,4495],{},[72,4496,4497],{},"  memcpy(dest, src, i); ",[39,4499,4500],{},[72,4501,4479],{},[244,4503,4505],{"id":4504},"bibliography","Bibliography",[252,4507,4509],{"className":4508},[1501],[270,4510,4511,4528,4541,4553],{},[258,4512,4514,4522],{"className":4513},[1520],[275,4515,4516,4517,4521],{},"[ ",[43,4518,4520],{"href":4519},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-Cassidy2014","Cassidy 2014"," ]",[275,4523,4524],{},[43,4525,4527],{"href":4526},"http:\u002F\u002Fblog.existentialize.com\u002Fdiagnosis-of-the-openssl-heartbleed-bug.html","Existential Type Crisis : Diagnosis of the OpenSSL Heartbleed Bug",[258,4529,4531,4537],{"className":4530},[1544],[275,4532,4516,4533,4521],{},[43,4534,4536],{"href":4535},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-IETFRFC6520","IETF: RFC 6520",[275,4538,4539],{},[638,4540],{},[258,4542,4544,4549],{"className":4543},[1520],[275,4545,4516,4546,4521],{},[43,4547,2980],{"href":4548},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-ISO\u002FIECTS17961",[275,4550,4551],{},[638,4552],{},[258,4554,4556,4562],{"className":4555},[1544],[275,4557,4516,4558,4521],{},[43,4559,4561],{"href":4560},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography#AA.Bibliography-VU720951","VU#720951",[275,4563,4564],{},[638,4565],{},[4567,4568],"hr",{},[39,4570,4571,290,4578,290,4584],{},[43,4572,4574],{"href":4573},"\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr37-c",[4575,4576],"img",{"src":4577},"\u002Fattachments\u002F87152044\u002F88034188.png",[43,4579,4581],{"href":4580},"\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002F",[4575,4582],{"src":4583},"\u002Fattachments\u002F87152044\u002F88034190.png",[43,4585,4587],{"href":4586},"\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr39-c",[4575,4588],{"src":4589},"\u002Fattachments\u002F87152044\u002F88034189.png",[4591,4592,4593],"style",{},"html pre.shiki code .sq6CD, html code.shiki .sq6CD{--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sMOD_, html code.shiki .sMOD_{--shiki-default:#24292E;--shiki-dark:#E1E4E8;--shiki-sepia:#F8F8F2}html pre.shiki code .s7F3e, html code.shiki .s7F3e{--shiki-default:#005CC5;--shiki-dark:#79B8FF;--shiki-sepia:#AE81FF}html pre.shiki code .sC2Qs, html code.shiki .sC2Qs{--shiki-default:#D73A49;--shiki-dark:#F97583;--shiki-sepia:#F92672}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html .sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html.sepia .shiki span {color: var(--shiki-sepia);background: var(--shiki-sepia-bg);font-style: var(--shiki-sepia-font-style);font-weight: var(--shiki-sepia-font-weight);text-decoration: var(--shiki-sepia-text-decoration);}html pre.shiki code .sstjo, html code.shiki .sstjo{--shiki-default:#032F62;--shiki-dark:#9ECBFF;--shiki-sepia:#E6DB74}html pre.shiki code .srTi1, html code.shiki .srTi1{--shiki-default:#6F42C1;--shiki-dark:#B392F0;--shiki-sepia:#A6E22E}html pre.shiki code .s8-w5, html code.shiki .s8-w5{--shiki-default:#6A737D;--shiki-dark:#6A737D;--shiki-sepia:#88846F}html pre.shiki code .sTHNf, html code.shiki .sTHNf{--shiki-default:#E36209;--shiki-default-font-style:inherit;--shiki-dark:#FFAB70;--shiki-dark-font-style:inherit;--shiki-sepia:#FD971F;--shiki-sepia-font-style:italic}html pre.shiki code .s-m8C, html code.shiki .s-m8C{--shiki-default:#005CC5;--shiki-default-font-style:inherit;--shiki-dark:#79B8FF;--shiki-dark-font-style:inherit;--shiki-sepia:#66D9EF;--shiki-sepia-font-style:italic}html pre.shiki code .sOrwc, html code.shiki .sOrwc{--shiki-default:#E36209;--shiki-dark:#FFAB70;--shiki-sepia:#F8F8F2}",{"title":70,"searchDepth":96,"depth":96,"links":4595},[4596,4604,4608,4616,4620,4621,4629],{"id":246,"depth":96,"text":247,"children":4597},[4598,4599,4600,4601,4602,4603],{"id":661,"depth":114,"text":662},{"id":843,"depth":114,"text":844},{"id":1017,"depth":114,"text":1018},{"id":1146,"depth":114,"text":1147},{"id":1253,"depth":114,"text":1018},{"id":1390,"depth":114,"text":1147},{"id":1493,"depth":96,"text":1494,"children":4605},[4606,4607],{"id":1614,"depth":114,"text":1615},{"id":1712,"depth":114,"text":1713},{"id":1830,"depth":96,"text":1831,"children":4609},[4610,4611,4612,4613,4614,4615],{"id":1902,"depth":114,"text":1903},{"id":2080,"depth":114,"text":2081},{"id":2221,"depth":114,"text":2222},{"id":2434,"depth":114,"text":2435},{"id":2567,"depth":114,"text":2568},{"id":2984,"depth":114,"text":2985},{"id":3331,"depth":96,"text":3332,"children":4617},[4618,4619],{"id":3403,"depth":114,"text":3404},{"id":3997,"depth":114,"text":3998},{"id":4024,"depth":96,"text":4025},{"id":4248,"depth":96,"text":4249,"children":4622},[4623,4624,4625,4626,4627,4628],{"id":4258,"depth":114,"text":4259},{"id":4291,"depth":114,"text":4292},{"id":4298,"depth":114,"text":4299},{"id":4340,"depth":114,"text":4341},{"id":4368,"depth":114,"text":4369},{"id":4440,"depth":114,"text":4441},{"id":4504,"depth":96,"text":4505},"C library functions that make changes to arrays or objects take at least two arguments: a pointer to the array or object and an integer indicating the number of elements or bytes to be manipulated. For the purposes of this rule, the element count of a pointer is the size of the object to which it points, expressed by the number of elements that are valid to access. Supplying arguments to such a function might cause the function to form a pointer that does not point into or just past the end of the object, resulting in undefined behavior .","md",{"tags":4633},[4634,4635,227,4636,4637],"in-cpp","ptc","android-unknown","rule",{"title":30,"description":4630},"4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F6.arr38-c","QMU4pBa4qs5N3DvTlLo7cm45UhRfbHwNQerNhSPoQUI",[4642,4645],{"title":4643,"path":4573,"stem":4644,"children":-1},"ARR37-C. Do not add or subtract an integer to a pointer to a non-array object","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F5.arr37-c",{"title":4646,"path":4586,"stem":4647,"children":-1},"ARR39-C. Do not add or subtract a scaled integer to a pointer","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F7.arr39-c",[4649],{"title":4650,"path":4651,"stem":4652,"children":4653},"SEI CERT C Coding Standard","\u002Fsei-cert-c-coding-standard","4.sei-cert-c-coding-standard\u002F01.index",[4654,4655,4727,5306,5580,5594,5598,5602,5606,6415],{"title":4650,"path":4651,"stem":4652},{"title":4656,"path":4657,"stem":4658,"children":4659},"Front Matter","\u002Fsei-cert-c-coding-standard\u002Ffront-matter","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F1.index",[4660,4661],{"title":4656,"path":4657,"stem":4658},{"title":4662,"path":4663,"stem":4664,"children":4665},"Introduction","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F01.index",[4666,4667,4671,4675,4679,4683,4687,4691,4695,4699,4703,4707,4711,4715,4719,4723],{"title":4662,"path":4663,"stem":4664},{"title":4668,"path":4669,"stem":4670},"Scope","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fscope","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F01.scope",{"title":4672,"path":4673,"stem":4674},"Audience","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Faudience","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F02.audience",{"title":4676,"path":4677,"stem":4678},"How this Coding Standard is Organized","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fhow-this-coding-standard-is-organized","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F03.how-this-coding-standard-is-organized",{"title":4680,"path":4681,"stem":4682},"History","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fhistory","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F04.history",{"title":4684,"path":4685,"stem":4686},"ISO\u002FIEC TS 17961 C Secure Coding Rules","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fisoiec-ts-17961-c-secure-coding-rules","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F05.isoiec-ts-17961-c-secure-coding-rules",{"title":4688,"path":4689,"stem":4690},"Tool Selection and Validation","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Ftool-selection-and-validation","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F06.tool-selection-and-validation",{"title":4692,"path":4693,"stem":4694},"Taint Analysis","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Ftaint-analysis","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F07.taint-analysis",{"title":4696,"path":4697,"stem":4698},"Rules versus Recommendations","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Frules-versus-recommendations","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F08.rules-versus-recommendations",{"title":4700,"path":4701,"stem":4702},"Conformance Testing","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fconformance-testing","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F09.conformance-testing",{"title":4704,"path":4705,"stem":4706},"Development Process","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fdevelopment-process","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F10.development-process",{"title":4708,"path":4709,"stem":4710},"Usage","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fusage","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F11.usage",{"title":4712,"path":4713,"stem":4714},"System Qualities","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fsystem-qualities","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F12.system-qualities",{"title":4716,"path":4717,"stem":4718},"Automatically Generated Code","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fautomatically-generated-code","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F13.automatically-generated-code",{"title":4720,"path":4721,"stem":4722},"Government Regulations","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Fgovernment-regulations","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F14.government-regulations",{"title":4724,"path":4725,"stem":4726},"Acknowledgments","\u002Fsei-cert-c-coding-standard\u002Ffront-matter\u002Fintroduction\u002Facknowledgments","4.sei-cert-c-coding-standard\u002F02.front-matter\u002F2.introduction\u002F15.acknowledgments",{"title":4728,"path":4729,"stem":4730,"children":4731},"Rules","\u002Fsei-cert-c-coding-standard\u002Frules","4.sei-cert-c-coding-standard\u002F03.rules\u002F01.index",[4732,4733,4737,4758,4788,4850,4888,4914,4936,5002,5028,5086,5118,5148,5158,5196,5266,5284],{"title":4728,"path":4729,"stem":4730},{"title":4734,"path":4735,"stem":4736},"Application Programming Interfaces (API)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fapplication-programming-interfaces-api","4.sei-cert-c-coding-standard\u002F03.rules\u002F02.application-programming-interfaces-api",{"title":4738,"path":4739,"stem":4740,"children":4741},"Arrays (ARR)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F1.index",[4742,4743,4747,4751,4755,4756,4757],{"title":4738,"path":4739,"stem":4740},{"title":4744,"path":4745,"stem":4746},"ARR30-C. Do not form or use out-of-bounds pointers or array subscripts","\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F2.arr30-c",{"title":4748,"path":4749,"stem":4750},"ARR32-C. Ensure size arguments for variable length arrays are in a valid range","\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F3.arr32-c",{"title":4752,"path":4753,"stem":4754},"ARR36-C. Do not subtract or compare two pointers that do not refer to the same array","\u002Fsei-cert-c-coding-standard\u002Frules\u002Farrays-arr\u002Farr36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F03.arrays-arr\u002F4.arr36-c",{"title":4643,"path":4573,"stem":4644},{"title":30,"path":2975,"stem":4639},{"title":4646,"path":4586,"stem":4647},{"title":4759,"path":4760,"stem":4761,"children":4762},"Characters and Strings (STR)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F1.index",[4763,4764,4768,4772,4776,4780,4784],{"title":4759,"path":4760,"stem":4761},{"title":4765,"path":4766,"stem":4767},"STR30-C. Do not attempt to modify string literals","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F2.str30-c",{"title":4769,"path":4770,"stem":4771},"STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F3.str31-c",{"title":4773,"path":4774,"stem":4775},"STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F4.str32-c",{"title":4777,"path":4778,"stem":4779},"STR34-C. Cast characters to unsigned char before converting to larger integer sizes","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F5.str34-c",{"title":4781,"path":4782,"stem":4783},"STR37-C. Arguments to character-handling functions must be representable as an unsigned char","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F6.str37-c",{"title":4785,"path":4786,"stem":4787},"STR38-C. Do not confuse narrow and wide character strings and functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fcharacters-and-strings-str\u002Fstr38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F04.characters-and-strings-str\u002F7.str38-c",{"title":4789,"path":4790,"stem":4791,"children":4792},"Concurrency (CON)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F01.index",[4793,4794,4798,4802,4806,4810,4814,4818,4822,4826,4830,4834,4838,4842,4846],{"title":4789,"path":4790,"stem":4791},{"title":4795,"path":4796,"stem":4797},"CON30-C. Clean up thread-specific storage","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F02.con30-c",{"title":4799,"path":4800,"stem":4801},"CON31-C. Do not destroy a mutex while it is locked","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F03.con31-c",{"title":4803,"path":4804,"stem":4805},"CON32-C. Prevent data races when accessing bit-fields from multiple threads","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F04.con32-c",{"title":4807,"path":4808,"stem":4809},"CON33-C. Avoid race conditions when using library functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F05.con33-c",{"title":4811,"path":4812,"stem":4813},"CON34-C. Declare objects shared between threads with appropriate storage durations","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F06.con34-c",{"title":4815,"path":4816,"stem":4817},"CON35-C. Avoid deadlock by locking in a predefined order","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F07.con35-c",{"title":4819,"path":4820,"stem":4821},"CON36-C. Wrap functions that can spuriously wake up in a loop","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F08.con36-c",{"title":4823,"path":4824,"stem":4825},"CON37-C. Do not call signal() in a multithreaded program","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F09.con37-c",{"title":4827,"path":4828,"stem":4829},"CON38-C. Preserve thread safety and liveness when using condition variables","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F10.con38-c",{"title":4831,"path":4832,"stem":4833},"CON39-C. Do not join or detach a thread that was previously joined or detached","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F11.con39-c",{"title":4835,"path":4836,"stem":4837},"CON40-C. Do not refer to an atomic variable twice in an expression","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon40-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F12.con40-c",{"title":4839,"path":4840,"stem":4841},"CON41-C. Wrap functions that can fail spuriously in a loop","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon41-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F13.con41-c",{"title":4843,"path":4844,"stem":4845},"CON42-C. Don't allow attackers to influence environment variables that control concurrency parameters","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon42-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F14.con42-c",{"title":4847,"path":4848,"stem":4849},"CON43-C. Do not allow data races in multithreaded code","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fconcurrency-con\u002Fcon43-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F05.concurrency-con\u002F15.con43-c",{"title":4851,"path":4852,"stem":4853,"children":4854},"Declarations and Initialization (DCL)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F1.index",[4855,4856,4860,4864,4868,4872,4876,4880,4884],{"title":4851,"path":4852,"stem":4853},{"title":4857,"path":4858,"stem":4859},"DCL30-C. Declare objects with appropriate storage durations","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F2.dcl30-c",{"title":4861,"path":4862,"stem":4863},"DCL31-C. Declare identifiers before using them","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F3.dcl31-c",{"title":4865,"path":4866,"stem":4867},"DCL36-C. Do not declare an identifier with conflicting linkage classifications","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F4.dcl36-c",{"title":4869,"path":4870,"stem":4871},"DCL37-C. Do not declare or define a reserved identifier","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F5.dcl37-c",{"title":4873,"path":4874,"stem":4875},"DCL38-C. Use the correct syntax when declaring a flexible array member","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F6.dcl38-c",{"title":4877,"path":4878,"stem":4879},"DCL39-C. Avoid information leakage when passing a structure across a trust boundary","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F7.dcl39-c",{"title":4881,"path":4882,"stem":4883},"DCL40-C. Do not create incompatible declarations of the same function or object","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl40-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F8.dcl40-c",{"title":4885,"path":4886,"stem":4887},"DCL41-C. Do not declare variables inside a switch statement before the first case label","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl41-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F06.declarations-and-initialization-dcl\u002F9.dcl41-c",{"title":4889,"path":4890,"stem":4891,"children":4892},"Environment (ENV)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F1.index",[4893,4894,4898,4902,4906,4910],{"title":4889,"path":4890,"stem":4891},{"title":4895,"path":4896,"stem":4897},"ENV30-C. Do not modify the object referenced by the return value of certain functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env\u002Fenv30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F2.env30-c",{"title":4899,"path":4900,"stem":4901},"ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env\u002Fenv31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F3.env31-c",{"title":4903,"path":4904,"stem":4905},"ENV32-C. All exit handlers must return normally","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env\u002Fenv32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F4.env32-c",{"title":4907,"path":4908,"stem":4909},"ENV33-C. Do not call system()","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env\u002Fenv33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F5.env33-c",{"title":4911,"path":4912,"stem":4913},"ENV34-C. Do not store pointers returned by certain functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fenvironment-env\u002Fenv34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F07.environment-env\u002F6.env34-c",{"title":4915,"path":4916,"stem":4917,"children":4918},"Error Handling (ERR)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ferror-handling-err","4.sei-cert-c-coding-standard\u002F03.rules\u002F08.error-handling-err\u002F1.index",[4919,4920,4924,4928,4932],{"title":4915,"path":4916,"stem":4917},{"title":4921,"path":4922,"stem":4923},"ERR30-C. Take care when reading errno","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ferror-handling-err\u002Ferr30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F08.error-handling-err\u002F2.err30-c",{"title":4925,"path":4926,"stem":4927},"ERR32-C. Do not rely on indeterminate values of errno","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ferror-handling-err\u002Ferr32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F08.error-handling-err\u002F3.err32-c",{"title":4929,"path":4930,"stem":4931},"ERR33-C. Detect and handle standard library errors","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ferror-handling-err\u002Ferr33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F08.error-handling-err\u002F4.err33-c",{"title":4933,"path":4934,"stem":4935},"ERR34-C. Detect errors when converting a string to a number","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ferror-handling-err\u002Ferr34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F08.error-handling-err\u002F5.err34-c",{"title":4937,"path":4938,"stem":4939,"children":4940},"Expressions (EXP)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F01.index",[4941,4942,4946,4950,4954,4958,4962,4966,4970,4974,4978,4982,4986,4990,4994,4998],{"title":4937,"path":4938,"stem":4939},{"title":4943,"path":4944,"stem":4945},"EXP30-C. Do not depend on the order of evaluation for side effects","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F02.exp30-c",{"title":4947,"path":4948,"stem":4949},"EXP32-C. Do not access a volatile object through a nonvolatile reference","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F03.exp32-c",{"title":4951,"path":4952,"stem":4953},"EXP33-C. Do not read uninitialized memory","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F04.exp33-c",{"title":4955,"path":4956,"stem":4957},"EXP34-C. Do not dereference null pointers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F05.exp34-c",{"title":4959,"path":4960,"stem":4961},"EXP35-C. Do not modify objects with temporary lifetime","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F06.exp35-c",{"title":4963,"path":4964,"stem":4965},"EXP36-C. Do not cast pointers into more strictly aligned pointer types","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F07.exp36-c",{"title":4967,"path":4968,"stem":4969},"EXP37-C. Call functions with the correct number and type of arguments","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F08.exp37-c",{"title":4971,"path":4972,"stem":4973},"EXP39-C. Do not access a variable through a pointer of an incompatible type","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F09.exp39-c",{"title":4975,"path":4976,"stem":4977},"EXP40-C. Do not modify constant objects","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp40-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F10.exp40-c",{"title":4979,"path":4980,"stem":4981},"EXP42-C. Do not compare padding data","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp42-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F11.exp42-c",{"title":4983,"path":4984,"stem":4985},"EXP43-C. Avoid undefined behavior when using restrict-qualified pointers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp43-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F12.exp43-c",{"title":4987,"path":4988,"stem":4989},"EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp44-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F13.exp44-c",{"title":4991,"path":4992,"stem":4993},"EXP45-C. Do not perform assignments in selection statements","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp45-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F14.exp45-c",{"title":4995,"path":4996,"stem":4997},"EXP46-C. Do not use a bitwise operator with a Boolean-like operand","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp46-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F15.exp46-c",{"title":4999,"path":5000,"stem":5001},"EXP47-C. Do not call va_arg with an argument of the incorrect type","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fexpressions-exp\u002Fexp47-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F09.expressions-exp\u002F16.exp47-c",{"title":5003,"path":5004,"stem":5005,"children":5006},"Floating Point (FLP)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F1.index",[5007,5008,5012,5016,5020,5024],{"title":5003,"path":5004,"stem":5005},{"title":5009,"path":5010,"stem":5011},"FLP30-C. Do not use floating-point variables as loop counters","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp\u002Fflp30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F2.flp30-c",{"title":5013,"path":5014,"stem":5015},"FLP32-C. Prevent or detect domain and range errors in math functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp\u002Fflp32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F3.flp32-c",{"title":5017,"path":5018,"stem":5019},"FLP34-C. Ensure that floating-point conversions are within range of the new type","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp\u002Fflp34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F4.flp34-c",{"title":5021,"path":5022,"stem":5023},"FLP36-C. Preserve precision when converting integral values to floating-point type","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp\u002Fflp36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F5.flp36-c",{"title":5025,"path":5026,"stem":5027},"FLP37-C. Do not use object representations to compare floating-point values","\u002Fsei-cert-c-coding-standard\u002Frules\u002Ffloating-point-flp\u002Fflp37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F10.floating-point-flp\u002F6.flp37-c",{"title":5029,"path":5030,"stem":5031,"children":5032},"Input Output (FIO)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F01.index",[5033,5034,5038,5042,5046,5050,5054,5058,5062,5066,5070,5074,5078,5082],{"title":5029,"path":5030,"stem":5031},{"title":5035,"path":5036,"stem":5037},"FIO30-C. Exclude user input from format strings","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F02.fio30-c",{"title":5039,"path":5040,"stem":5041},"FIO32-C. Do not perform operations on devices that are only appropriate for files","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F03.fio32-c",{"title":5043,"path":5044,"stem":5045},"FIO34-C. Distinguish between characters read from a file and EOF or WEOF","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F04.fio34-c",{"title":5047,"path":5048,"stem":5049},"FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F05.fio37-c",{"title":5051,"path":5052,"stem":5053},"FIO38-C. Do not copy a FILE object","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F06.fio38-c",{"title":5055,"path":5056,"stem":5057},"FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F07.fio39-c",{"title":5059,"path":5060,"stem":5061},"FIO40-C. Reset strings on fgets() or fgetws() failure","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio40-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F08.fio40-c",{"title":5063,"path":5064,"stem":5065},"FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio41-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F09.fio41-c",{"title":5067,"path":5068,"stem":5069},"FIO42-C. Close files when they are no longer needed","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio42-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F10.fio42-c",{"title":5071,"path":5072,"stem":5073},"FIO44-C. Only use values for fsetpos() that are returned from fgetpos()","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio44-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F11.fio44-c",{"title":5075,"path":5076,"stem":5077},"FIO45-C. Avoid TOCTOU race conditions while accessing files","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio45-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F12.fio45-c",{"title":5079,"path":5080,"stem":5081},"FIO46-C. Do not access a closed file","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio46-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F13.fio46-c",{"title":5083,"path":5084,"stem":5085},"FIO47-C. Use valid format strings","\u002Fsei-cert-c-coding-standard\u002Frules\u002Finput-output-fio\u002Ffio47-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F11.input-output-fio\u002F14.fio47-c",{"title":5087,"path":5088,"stem":5089,"children":5090},"Integers (INT)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F1.index",[5091,5092,5094,5098,5102,5106,5110,5114],{"title":5087,"path":5088,"stem":5089},{"title":1918,"path":1917,"stem":5093},"4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F2.int30-c",{"title":5095,"path":5096,"stem":5097},"INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F3.int31-c",{"title":5099,"path":5100,"stem":5101},"INT32-C. Ensure that operations on signed integers do not result in overflow","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F4.int32-c",{"title":5103,"path":5104,"stem":5105},"INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F5.int33-c",{"title":5107,"path":5108,"stem":5109},"INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F6.int34-c",{"title":5111,"path":5112,"stem":5113},"INT35-C. Use correct integer precisions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F7.int35-c",{"title":5115,"path":5116,"stem":5117},"INT36-C. Converting a pointer to integer or integer to pointer","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fintegers-int\u002Fint36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F12.integers-int\u002F8.int36-c",{"title":5119,"path":5120,"stem":5121,"children":5122},"Memory Management (MEM)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F1.index",[5123,5124,5128,5132,5136,5140,5144],{"title":5119,"path":5120,"stem":5121},{"title":5125,"path":5126,"stem":5127},"MEM30-C. Do not access freed memory","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F2.mem30-c",{"title":5129,"path":5130,"stem":5131},"MEM31-C. Free dynamically allocated memory when no longer needed","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F3.mem31-c",{"title":5133,"path":5134,"stem":5135},"MEM33-C. Allocate and copy structures containing a flexible array member dynamically","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F4.mem33-c",{"title":5137,"path":5138,"stem":5139},"MEM34-C. Only free memory allocated dynamically","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F5.mem34-c",{"title":5141,"path":5142,"stem":5143},"MEM35-C. Allocate sufficient memory for an object","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F6.mem35-c",{"title":5145,"path":5146,"stem":5147},"MEM36-C. Do not modify the alignment of objects by calling realloc()","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmemory-management-mem\u002Fmem36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F13.memory-management-mem\u002F7.mem36-c",{"title":5149,"path":5150,"stem":5151,"children":5152},"Microsoft Windows (WIN)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmicrosoft-windows-win","4.sei-cert-c-coding-standard\u002F03.rules\u002F14.microsoft-windows-win\u002F1.index",[5153,5154],{"title":5149,"path":5150,"stem":5151},{"title":5155,"path":5156,"stem":5157},"WIN30-C. Properly pair allocation and deallocation functions","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmicrosoft-windows-win\u002Fwin30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F14.microsoft-windows-win\u002F2.win30-c",{"title":5159,"path":5160,"stem":5161,"children":5162},"Miscellaneous (MSC)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F1.index",[5163,5164,5168,5172,5176,5180,5184,5188,5192],{"title":5159,"path":5160,"stem":5161},{"title":5165,"path":5166,"stem":5167},"MSC30-C. Do not use the rand() function for generating pseudorandom numbers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F2.msc30-c",{"title":5169,"path":5170,"stem":5171},"MSC32-C. Properly seed pseudorandom number generators","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F3.msc32-c",{"title":5173,"path":5174,"stem":5175},"MSC33-C. Do not pass invalid data to the asctime() function","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc33-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F4.msc33-c",{"title":5177,"path":5178,"stem":5179},"MSC37-C. Ensure that control never reaches the end of a non-void function","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F5.msc37-c",{"title":5181,"path":5182,"stem":5183},"MSC38-C. Do not treat a predefined identifier as an object if it might only be implemented as a macro","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F6.msc38-c",{"title":5185,"path":5186,"stem":5187},"MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F7.msc39-c",{"title":5189,"path":5190,"stem":5191},"MSC40-C. Do not violate constraints","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc40-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F8.msc40-c",{"title":5193,"path":5194,"stem":5195},"MSC41-C. Never hard code sensitive information","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fmiscellaneous-msc\u002Fmsc41-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F15.miscellaneous-msc\u002F9.msc41-c",{"title":5197,"path":5198,"stem":5199,"children":5200},"POSIX (POS)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F01.index",[5201,5202,5206,5210,5214,5218,5222,5226,5230,5234,5238,5242,5246,5250,5254,5258,5262],{"title":5197,"path":5198,"stem":5199},{"title":5203,"path":5204,"stem":5205},"POS30-C. Use the readlink() function properly","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F02.pos30-c",{"title":5207,"path":5208,"stem":5209},"POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F03.pos34-c",{"title":5211,"path":5212,"stem":5213},"POS35-C. Avoid race conditions while checking for the existence of a symbolic link","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F04.pos35-c",{"title":5215,"path":5216,"stem":5217},"POS36-C. Observe correct revocation order while relinquishing privileges","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos36-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F05.pos36-c",{"title":5219,"path":5220,"stem":5221},"POS37-C. Ensure that privilege relinquishment is successful","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos37-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F06.pos37-c",{"title":5223,"path":5224,"stem":5225},"POS38-C. Beware of race conditions when using fork and file descriptors","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos38-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F07.pos38-c",{"title":5227,"path":5228,"stem":5229},"POS39-C. Use the correct byte ordering when transferring data between systems","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos39-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F08.pos39-c",{"title":5231,"path":5232,"stem":5233},"POS44-C. Do not use signals to terminate threads","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos44-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F09.pos44-c",{"title":5235,"path":5236,"stem":5237},"POS47-C. Do not use threads that can be canceled asynchronously","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos47-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F10.pos47-c",{"title":5239,"path":5240,"stem":5241},"POS48-C. Do not unlock or destroy another POSIX thread's mutex","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos48-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F11.pos48-c",{"title":5243,"path":5244,"stem":5245},"POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos49-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F12.pos49-c",{"title":5247,"path":5248,"stem":5249},"POS50-C. Declare objects shared between POSIX threads with appropriate storage durations","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos50-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F13.pos50-c",{"title":5251,"path":5252,"stem":5253},"POS51-C. Avoid deadlock with POSIX threads by locking in predefined order","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos51-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F14.pos51-c",{"title":5255,"path":5256,"stem":5257},"POS52-C. Do not perform operations that can block while holding a POSIX lock","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos52-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F15.pos52-c",{"title":5259,"path":5260,"stem":5261},"POS53-C. Do not use more than one mutex for concurrent waiting operations on a condition variable","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos53-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F16.pos53-c",{"title":5263,"path":5264,"stem":5265},"POS54-C. Detect and handle POSIX library errors","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fposix-pos\u002Fpos54-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F16.posix-pos\u002F17.pos54-c",{"title":5267,"path":5268,"stem":5269,"children":5270},"Preprocessor (PRE)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fpreprocessor-pre","4.sei-cert-c-coding-standard\u002F03.rules\u002F17.preprocessor-pre\u002F1.index",[5271,5272,5276,5280],{"title":5267,"path":5268,"stem":5269},{"title":5273,"path":5274,"stem":5275},"PRE30-C. Do not create a universal character name through concatenation","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fpreprocessor-pre\u002Fpre30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F17.preprocessor-pre\u002F2.pre30-c",{"title":5277,"path":5278,"stem":5279},"PRE31-C. Avoid side effects in arguments to unsafe macros","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fpreprocessor-pre\u002Fpre31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F17.preprocessor-pre\u002F3.pre31-c",{"title":5281,"path":5282,"stem":5283},"PRE32-C. Do not use preprocessor directives in invocations of function-like macros","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fpreprocessor-pre\u002Fpre32-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F17.preprocessor-pre\u002F4.pre32-c",{"title":5285,"path":5286,"stem":5287,"children":5288},"Signals (SIG)","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fsignals-sig","4.sei-cert-c-coding-standard\u002F03.rules\u002F18.signals-sig\u002F1.index",[5289,5290,5294,5298,5302],{"title":5285,"path":5286,"stem":5287},{"title":5291,"path":5292,"stem":5293},"SIG30-C. Call only asynchronous-safe functions within signal handlers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fsignals-sig\u002Fsig30-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F18.signals-sig\u002F2.sig30-c",{"title":5295,"path":5296,"stem":5297},"SIG31-C. Do not access shared objects in signal handlers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fsignals-sig\u002Fsig31-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F18.signals-sig\u002F3.sig31-c",{"title":5299,"path":5300,"stem":5301},"SIG34-C. Do not call signal() from within interruptible signal handlers","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fsignals-sig\u002Fsig34-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F18.signals-sig\u002F4.sig34-c",{"title":5303,"path":5304,"stem":5305},"SIG35-C. Do not return from a computational exception signal handler","\u002Fsei-cert-c-coding-standard\u002Frules\u002Fsignals-sig\u002Fsig35-c","4.sei-cert-c-coding-standard\u002F03.rules\u002F18.signals-sig\u002F5.sig35-c",{"title":5307,"path":5308,"stem":5309,"children":5310},"Back Matter","\u002Fsei-cert-c-coding-standard\u002Fback-matter","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F1.index",[5311,5312,5316,5320,5324,5328,5519,5576],{"title":5307,"path":5308,"stem":5309},{"title":5313,"path":5314,"stem":5315},"AA. Bibliography","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Faa-bibliography","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F2.aa-bibliography",{"title":5317,"path":5318,"stem":5319},"BB. Definitions","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fbb-definitions","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F3.bb-definitions",{"title":5321,"path":5322,"stem":5323},"CC. Undefined Behavior","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fcc-undefined-behavior","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F4.cc-undefined-behavior",{"title":5325,"path":5326,"stem":5327},"DD. Unspecified Behavior","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fdd-unspecified-behavior","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F5.dd-unspecified-behavior",{"title":5329,"path":5330,"stem":5331,"children":5332},"EE. Analyzers","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F01.index",[5333,5334,5336,5340,5344,5348,5352,5356,5360,5364,5368,5372,5376,5378,5382,5384,5388,5392,5394,5398,5402,5406,5410,5414,5418,5422,5426,5428,5432,5435,5439,5443,5447,5450,5454,5456,5460,5462,5466,5470,5474,5478,5482,5486,5488,5492,5494,5498,5502,5506,5509,5513,5515],{"title":5329,"path":5330,"stem":5331},{"title":3442,"path":3441,"stem":5335},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F02.astree",{"title":5337,"path":5338,"stem":5339},"Astrée_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fastree_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F03.astree_v",{"title":5341,"path":5342,"stem":5343},"Axivion Bauhaus Suite","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Faxivion-bauhaus-suite","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F04.axivion-bauhaus-suite",{"title":5345,"path":5346,"stem":5347},"Axivion Bauhaus Suite_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Faxivion-bauhaus-suite_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F05.axivion-bauhaus-suite_v",{"title":5349,"path":5350,"stem":5351},"Clang","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fclang","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F06.clang",{"title":5353,"path":5354,"stem":5355},"Clang_38_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fclang_38_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F07.clang_38_v",{"title":5357,"path":5358,"stem":5359},"Clang_39_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fclang_39_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F08.clang_39_v",{"title":5361,"path":5362,"stem":5363},"Clang_40_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fclang_40_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F09.clang_40_v",{"title":5365,"path":5366,"stem":5367},"Clang_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fclang_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F10.clang_v",{"title":5369,"path":5370,"stem":5371},"Codee","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcodee","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F11.codee",{"title":5373,"path":5374,"stem":5375},"Codee_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcodee_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F12.codee_v",{"title":3488,"path":3487,"stem":5377},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F13.codesonar",{"title":5379,"path":5380,"stem":5381},"CodeSonar_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcodesonar_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F14.codesonar_v",{"title":3552,"path":3551,"stem":5383},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F15.coverity",{"title":5385,"path":5386,"stem":5387},"Coverity_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcoverity_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F16.coverity_v",{"title":5389,"path":5390,"stem":5391},"Cppcheck","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcppcheck","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F17.cppcheck",{"title":3591,"path":3590,"stem":5393},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F18.cppcheck-premium",{"title":5395,"path":5396,"stem":5397},"Cppcheck Premium_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcppcheck-premium_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F19.cppcheck-premium_v",{"title":5399,"path":5400,"stem":5401},"Cppcheck_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fcppcheck_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F20.cppcheck_v",{"title":5403,"path":5404,"stem":5405},"ECLAIR","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Feclair","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F21.eclair",{"title":5407,"path":5408,"stem":5409},"ECLAIR_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Feclair_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F22.eclair_v",{"title":5411,"path":5412,"stem":5413},"EDG","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fedg","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F23.edg",{"title":5415,"path":5416,"stem":5417},"EDG_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fedg_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F24.edg_v",{"title":5419,"path":5420,"stem":5421},"GCC","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fgcc","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F25.gcc",{"title":5423,"path":5424,"stem":5425},"GCC_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fgcc_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F26.gcc_v",{"title":3644,"path":3643,"stem":5427},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F27.helix-qac",{"title":5429,"path":5430,"stem":5431},"Helix QAC_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fhelix-qac_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F28.helix-qac_v",{"title":3679,"path":5433,"stem":5434},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fklocwork","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F29.klocwork",{"title":5436,"path":5437,"stem":5438},"Klocwork_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fklocwork_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F30.klocwork_v",{"title":5440,"path":5441,"stem":5442},"LDRA","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fldra","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F31.ldra",{"title":5444,"path":5445,"stem":5446},"LDRA_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fldra_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F32.ldra_v",{"title":5448,"path":3733,"stem":5449},"Parasoft","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F33.parasoft",{"title":5451,"path":5452,"stem":5453},"Parasoft_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fparasoft_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F34.parasoft_v",{"title":3800,"path":3799,"stem":5455},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F35.pc-lint-plus",{"title":5457,"path":5458,"stem":5459},"PC-lint Plus_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpc-lint-plus_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F36.pc-lint-plus_v",{"title":3829,"path":3828,"stem":5461},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F37.polyspace-bug-finder",{"title":5463,"path":5464,"stem":5465},"Polyspace Bug Finder_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpolyspace-bug-finder_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F38.polyspace-bug-finder_v",{"title":5467,"path":5468,"stem":5469},"PVS-Studio","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpvs-studio","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F39.pvs-studio",{"title":5471,"path":5472,"stem":5473},"PVS-Studio_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fpvs-studio_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F40.pvs-studio_v",{"title":5475,"path":5476,"stem":5477},"Rose","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Frose","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F41.rose",{"title":5479,"path":5480,"stem":5481},"Rose_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Frose_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F42.rose_v",{"title":5483,"path":5484,"stem":5485},"Rosecheckers Code","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Frosecheckers-code","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F43.rosecheckers-code",{"title":3947,"path":3946,"stem":5487},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F44.rulechecker",{"title":5489,"path":5490,"stem":5491},"RuleChecker_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Frulechecker_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F45.rulechecker_v",{"title":3887,"path":3886,"stem":5493},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F46.security-reviewer-static-reviewer",{"title":5495,"path":5496,"stem":5497},"Security Reviewer - Static Reviewer_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsecurity-reviewer-static-reviewer_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F47.security-reviewer-static-reviewer_v",{"title":5499,"path":5500,"stem":5501},"SonarQube C\u002FC++ Plugin","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsonarqube-ccpp-plugin","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F48.sonarqube-ccpp-plugin",{"title":5503,"path":5504,"stem":5505},"SonarQube C\u002FC++ Plugin_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsonarqube-ccpp-plugin_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F49.sonarqube-ccpp-plugin_v",{"title":3918,"path":5507,"stem":5508},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsplint","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F50.splint",{"title":5510,"path":5511,"stem":5512},"Splint_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Fsplint_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F51.splint_v",{"title":3978,"path":3977,"stem":5514},"4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F52.trustinsoft-analyzer",{"title":5516,"path":5517,"stem":5518},"TrustInSoft Analyzer_V","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fee-analyzers\u002Ftrustinsoft-analyzer_v","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F6.ee-analyzers\u002F53.trustinsoft-analyzer_v",{"title":5520,"path":5521,"stem":5522,"children":5523},"FF. Related Guidelines","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F01.index",[5524,5525,5529,5533,5537,5541,5545,5549,5553,5557,5560,5564,5568,5572],{"title":5520,"path":5521,"stem":5522},{"title":5526,"path":5527,"stem":5528},"2003","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F02.2003","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F02.2003",{"title":5530,"path":5531,"stem":5532},"2006","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F03.2006","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F03.2006",{"title":5534,"path":5535,"stem":5536},"2007","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F04.2007","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F04.2007",{"title":5538,"path":5539,"stem":5540},"2008","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F05.2008","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F05.2008",{"title":5542,"path":5543,"stem":5544},"2010","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F06.2010","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F06.2010",{"title":5546,"path":5547,"stem":5548},"2011","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F07.2011","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F07.2011",{"title":5550,"path":5551,"stem":5552},"2012","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F08.2012","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F08.2012",{"title":5554,"path":5555,"stem":5556},"2013","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F09.2013","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F09.2013",{"title":5554,"path":5558,"stem":5559},"\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002F10.2013","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F10.2013",{"title":5561,"path":5562,"stem":5563},"MITRE CWE","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002Fmitre-cwe","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F11.mitre-cwe",{"title":5565,"path":5566,"stem":5567},"MITRE CWE 2.11","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002Fmitre-cwe-211","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F12.mitre-cwe-211",{"title":5569,"path":5570,"stem":5571},"MITRE CWE 3.1","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002Fmitre-cwe-31","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F13.mitre-cwe-31",{"title":5573,"path":5574,"stem":5575},"MITRE CWE 3.11","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fff-related-guidelines\u002Fmitre-cwe-311","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F7.ff-related-guidelines\u002F14.mitre-cwe-311",{"title":5577,"path":5578,"stem":5579},"GG. Risk Assessments","\u002Fsei-cert-c-coding-standard\u002Fback-matter\u002Fgg-risk-assessments","4.sei-cert-c-coding-standard\u002F04.back-matter\u002F8.gg-risk-assessments",{"title":5581,"path":5582,"stem":5583,"children":5584},"Admin","\u002Fsei-cert-c-coding-standard\u002Fadmin","4.sei-cert-c-coding-standard\u002F05.admin\u002F1.index",[5585,5586,5590],{"title":5581,"path":5582,"stem":5583},{"title":5587,"path":5588,"stem":5589},"TODO List","\u002Fsei-cert-c-coding-standard\u002Fadmin\u002Ftodo-list","4.sei-cert-c-coding-standard\u002F05.admin\u002F2.todo-list",{"title":5591,"path":5592,"stem":5593},"Undefined and implementation-defined behaviors not deemed ruleworthy","\u002Fsei-cert-c-coding-standard\u002Fadmin\u002Fundefined-and-implementation-defined-behaviors-not-deemed-ruleworthy","4.sei-cert-c-coding-standard\u002F05.admin\u002F3.undefined-and-implementation-defined-behaviors-not-deemed-ruleworthy",{"title":5595,"path":5596,"stem":5597},"Coding Style Guidelines","\u002Fsei-cert-c-coding-standard\u002Fcoding-style-guidelines","4.sei-cert-c-coding-standard\u002F05.coding-style-guidelines",{"title":5599,"path":5600,"stem":5601},"Errata for SEI CERT C Coding Standard (2016 Edition)","\u002Fsei-cert-c-coding-standard\u002Ferrata-for-sei-cert-c-coding-standard-2016-edition","4.sei-cert-c-coding-standard\u002F06.errata-for-sei-cert-c-coding-standard-2016-edition",{"title":5603,"path":5604,"stem":5605},"Wiki Contents","\u002Fsei-cert-c-coding-standard\u002Fwiki-contents","4.sei-cert-c-coding-standard\u002F06.wiki-contents",{"title":5607,"path":5608,"stem":5609,"children":5610},"Recommendations","\u002Fsei-cert-c-coding-standard\u002Frecommendations","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F01.index",[5611,5612,5651,5666,5711,5752,5849,5866,5899,5968,6005,6090,6153,6202,6227,6320,6341,6398],{"title":5607,"path":5608,"stem":5609},{"title":4734,"path":5613,"stem":5614,"children":5615},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F01.index",[5616,5617,5619,5623,5627,5631,5635,5639,5643,5647],{"title":4734,"path":5613,"stem":5614},{"title":4069,"path":4068,"stem":5618},"4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F02.api00-c",{"title":5620,"path":5621,"stem":5622},"API01-C. Avoid laying out strings in memory directly before sensitive data","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F03.api01-c",{"title":5624,"path":5625,"stem":5626},"API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F04.api02-c",{"title":5628,"path":5629,"stem":5630},"API03-C. Create consistent interfaces and capabilities across related functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F05.api03-c",{"title":5632,"path":5633,"stem":5634},"API04-C. Provide a consistent and usable error-checking mechanism","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F06.api04-c",{"title":5636,"path":5637,"stem":5638},"API05-C. Use conformant array parameters","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F07.api05-c",{"title":5640,"path":5641,"stem":5642},"API07-C. Enforce type safety","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F08.api07-c",{"title":5644,"path":5645,"stem":5646},"API09-C. Compatible values should have the same type","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F09.api09-c",{"title":5648,"path":5649,"stem":5650},"API10-C. APIs should have security options enabled by default","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fapplication-programming-interfaces-api\u002Fapi10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F02.application-programming-interfaces-api\u002F10.api10-c",{"title":4738,"path":5652,"stem":5653,"children":5654},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Farrays-arr","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F03.arrays-arr\u002F1.index",[5655,5656,5660,5662],{"title":4738,"path":5652,"stem":5653},{"title":5657,"path":5658,"stem":5659},"ARR00-C. Understand how arrays work","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Farrays-arr\u002Farr00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F03.arrays-arr\u002F2.arr00-c",{"title":4085,"path":4084,"stem":5661},"4.sei-cert-c-coding-standard\u002F08.recommendations\u002F03.arrays-arr\u002F3.arr01-c",{"title":5663,"path":5664,"stem":5665},"ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Farrays-arr\u002Farr02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F03.arrays-arr\u002F4.arr02-c",{"title":4759,"path":5667,"stem":5668,"children":5669},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F01.index",[5670,5671,5675,5679,5683,5687,5691,5695,5699,5703,5707],{"title":4759,"path":5667,"stem":5668},{"title":5672,"path":5673,"stem":5674},"STR00-C. Represent characters using an appropriate type","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F02.str00-c",{"title":5676,"path":5677,"stem":5678},"STR01-C. Adopt and implement a consistent plan for managing strings","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F03.str01-c",{"title":5680,"path":5681,"stem":5682},"STR02-C. Sanitize data passed to complex subsystems","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F04.str02-c",{"title":5684,"path":5685,"stem":5686},"STR03-C. Do not inadvertently truncate a string","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F05.str03-c",{"title":5688,"path":5689,"stem":5690},"STR04-C. Use plain char for characters in the basic character set","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F06.str04-c",{"title":5692,"path":5693,"stem":5694},"STR05-C. Use pointers to const when referring to string literals","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F07.str05-c",{"title":5696,"path":5697,"stem":5698},"STR06-C. Do not assume that strtok() leaves the parse string unchanged","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F08.str06-c",{"title":5700,"path":5701,"stem":5702},"STR09-C. Don't assume numeric values for expressions with type plain character","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F09.str09-c",{"title":5704,"path":5705,"stem":5706},"STR10-C. Do not concatenate different type of string literals","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F10.str10-c",{"title":5708,"path":5709,"stem":5710},"STR11-C. Do not specify the bound of a character array initialized with a string literal","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F04.characters-and-strings-str\u002F11.str11-c",{"title":4789,"path":5712,"stem":5713,"children":5714},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F01.index",[5715,5716,5720,5724,5728,5732,5736,5740,5744,5748],{"title":4789,"path":5712,"stem":5713},{"title":5717,"path":5718,"stem":5719},"CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F02.con01-c",{"title":5721,"path":5722,"stem":5723},"CON02-C. Do not use volatile as a synchronization primitive","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F03.con02-c",{"title":5725,"path":5726,"stem":5727},"CON03-C. Ensure visibility when accessing shared variables","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F04.con03-c",{"title":5729,"path":5730,"stem":5731},"CON04-C. Join or detach threads even if their exit status is unimportant","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F05.con04-c",{"title":5733,"path":5734,"stem":5735},"CON05-C. Do not perform operations that can block while holding a lock","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F06.con05-c",{"title":5737,"path":5738,"stem":5739},"CON06-C. Ensure that every mutex outlives the data it protects","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F07.con06-c",{"title":5741,"path":5742,"stem":5743},"CON07-C. Ensure that compound operations on shared variables are atomic","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F08.con07-c",{"title":5745,"path":5746,"stem":5747},"CON08-C. Do not assume that a group of calls to independently atomic methods is atomic","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F09.con08-c",{"title":5749,"path":5750,"stem":5751},"CON09-C. Avoid the ABA problem when using lock-free algorithms","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fconcurrency-con\u002Fcon09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F05.concurrency-con\u002F10.con09-c",{"title":4851,"path":5753,"stem":5754,"children":5755},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F01.index",[5756,5757,5761,5765,5769,5773,5777,5781,5785,5789,5793,5797,5801,5805,5809,5813,5817,5821,5825,5829,5833,5837,5841,5845],{"title":4851,"path":5753,"stem":5754},{"title":5758,"path":5759,"stem":5760},"DCL00-C. Const-qualify immutable objects","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F02.dcl00-c",{"title":5762,"path":5763,"stem":5764},"DCL01-C. Do not reuse variable names in subscopes","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F03.dcl01-c",{"title":5766,"path":5767,"stem":5768},"DCL02-C. Use visually distinct identifiers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F04.dcl02-c",{"title":5770,"path":5771,"stem":5772},"DCL03-C. Use a static assertion to test the value of a constant expression","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F05.dcl03-c",{"title":5774,"path":5775,"stem":5776},"DCL04-C. Do not declare more than one variable per declaration","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F06.dcl04-c",{"title":5778,"path":5779,"stem":5780},"DCL05-C. Use typedefs of non-pointer types only","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F07.dcl05-c",{"title":5782,"path":5783,"stem":5784},"DCL06-C. Use meaningful symbolic constants to represent literal values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F08.dcl06-c",{"title":5786,"path":5787,"stem":5788},"DCL07-C. Include the appropriate type information in function declarators","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F09.dcl07-c",{"title":5790,"path":5791,"stem":5792},"DCL08-C. Properly encode relationships in constant definitions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F10.dcl08-c",{"title":5794,"path":5795,"stem":5796},"DCL09-C. Declare functions that return errno with a return type of errno_t","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F11.dcl09-c",{"title":5798,"path":5799,"stem":5800},"DCL10-C. Maintain the contract between the writer and caller of variadic functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F12.dcl10-c",{"title":5802,"path":5803,"stem":5804},"DCL11-C. Understand the type issues associated with variadic functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F13.dcl11-c",{"title":5806,"path":5807,"stem":5808},"DCL12-C. Implement abstract data types using opaque types","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F14.dcl12-c",{"title":5810,"path":5811,"stem":5812},"DCL13-C. Declare function parameters that are pointers to values not changed by the function as const","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F15.dcl13-c",{"title":5814,"path":5815,"stem":5816},"DCL15-C. Declare file-scope objects or functions that do not need external linkage as static","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl15-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F16.dcl15-c",{"title":5818,"path":5819,"stem":5820},"DCL16-C. Use \"L,\" not \"l,\" to indicate a long value","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl16-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F17.dcl16-c",{"title":5822,"path":5823,"stem":5824},"DCL17-C. Beware of miscompiled volatile-qualified variables","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl17-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F18.dcl17-c",{"title":5826,"path":5827,"stem":5828},"DCL18-C. Do not begin integer constants with 0 when specifying a decimal value","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl18-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F19.dcl18-c",{"title":5830,"path":5831,"stem":5832},"DCL19-C. Minimize the scope of variables and functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl19-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F20.dcl19-c",{"title":5834,"path":5835,"stem":5836},"DCL20-C. Explicitly specify void when a function accepts no arguments","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl20-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F21.dcl20-c",{"title":5838,"path":5839,"stem":5840},"DCL21-C. Understand the storage of compound literals","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl21-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F22.dcl21-c",{"title":5842,"path":5843,"stem":5844},"DCL22-C. Use volatile for data that cannot be cached","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl22-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F23.dcl22-c",{"title":5846,"path":5847,"stem":5848},"DCL23-C. Guarantee that mutually visible identifiers are unique","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl23-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F06.declarations-and-initialization-dcl\u002F24.dcl23-c",{"title":4889,"path":5850,"stem":5851,"children":5852},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fenvironment-env","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F07.environment-env\u002F1.index",[5853,5854,5858,5862],{"title":4889,"path":5850,"stem":5851},{"title":5855,"path":5856,"stem":5857},"ENV01-C. Do not make assumptions about the size of an environment variable","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fenvironment-env\u002Fenv01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F07.environment-env\u002F2.env01-c",{"title":5859,"path":5860,"stem":5861},"ENV02-C. Beware of multiple environment variables with the same effective name","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fenvironment-env\u002Fenv02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F07.environment-env\u002F3.env02-c",{"title":5863,"path":5864,"stem":5865},"ENV03-C. Sanitize the environment when invoking external programs","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fenvironment-env\u002Fenv03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F07.environment-env\u002F4.env03-c",{"title":4915,"path":5867,"stem":5868,"children":5869},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F1.index",[5870,5871,5875,5879,5883,5887,5891,5895],{"title":4915,"path":5867,"stem":5868},{"title":5872,"path":5873,"stem":5874},"ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F2.err00-c",{"title":5876,"path":5877,"stem":5878},"ERR01-C. Use ferror() rather than errno to check for FILE stream errors","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F3.err01-c",{"title":5880,"path":5881,"stem":5882},"ERR02-C. Avoid in-band error indicators","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F4.err02-c",{"title":5884,"path":5885,"stem":5886},"ERR04-C. Choose an appropriate termination strategy","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F5.err04-c",{"title":5888,"path":5889,"stem":5890},"ERR05-C. Application-independent code should provide error detection without dictating error handling","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F6.err05-c",{"title":5892,"path":5893,"stem":5894},"ERR06-C. Understand the termination behavior of assert() and abort()","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F7.err06-c",{"title":5896,"path":5897,"stem":5898},"ERR07-C. Prefer functions that support error checking over equivalent functions that don't","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ferror-handling-err\u002Ferr07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F08.error-handling-err\u002F8.err07-c",{"title":4937,"path":5900,"stem":5901,"children":5902},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F01.index",[5903,5904,5908,5912,5916,5920,5924,5928,5932,5936,5940,5944,5948,5952,5956,5960,5964],{"title":4937,"path":5900,"stem":5901},{"title":5905,"path":5906,"stem":5907},"EXP00-C. Use parentheses for precedence of operation","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F02.exp00-c",{"title":5909,"path":5910,"stem":5911},"EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F03.exp02-c",{"title":5913,"path":5914,"stem":5915},"EXP03-C. Do not assume the size of a structure is the sum of the sizes of its members","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F04.exp03-c",{"title":5917,"path":5918,"stem":5919},"EXP05-C. Do not cast away a const qualification","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F05.exp05-c",{"title":5921,"path":5922,"stem":5923},"EXP07-C. Do not diminish the benefits of constants by assuming their values in expressions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F06.exp07-c",{"title":5925,"path":5926,"stem":5927},"EXP08-C. Ensure pointer arithmetic is used correctly","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F07.exp08-c",{"title":5929,"path":5930,"stem":5931},"EXP09-C. Use sizeof to determine the size of a type or variable","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F08.exp09-c",{"title":5933,"path":5934,"stem":5935},"EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F09.exp10-c",{"title":5937,"path":5938,"stem":5939},"EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F10.exp11-c",{"title":5941,"path":5942,"stem":5943},"EXP12-C. Do not ignore values returned by functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F11.exp12-c",{"title":5945,"path":5946,"stem":5947},"EXP13-C. Treat relational and equality operators as if they were nonassociative","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F12.exp13-c",{"title":5949,"path":5950,"stem":5951},"EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp14-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F13.exp14-c",{"title":5953,"path":5954,"stem":5955},"EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp15-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F14.exp15-c",{"title":5957,"path":5958,"stem":5959},"EXP16-C. Do not compare function pointers to constant values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp16-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F15.exp16-c",{"title":5961,"path":5962,"stem":5963},"EXP19-C. Use braces for the body of an if, for, or while statement","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp19-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F16.exp19-c",{"title":5965,"path":5966,"stem":5967},"EXP20-C. Perform explicit tests to determine success, true and false, and equality","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fexpressions-exp\u002Fexp20-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F09.expressions-exp\u002F17.exp20-c",{"title":5003,"path":5969,"stem":5970,"children":5971},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F1.index",[5972,5973,5977,5981,5985,5989,5993,5997,6001],{"title":5003,"path":5969,"stem":5970},{"title":5974,"path":5975,"stem":5976},"FLP00-C. Understand the limitations of floating-point numbers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F2.flp00-c",{"title":5978,"path":5979,"stem":5980},"FLP01-C. Take care in rearranging floating-point expressions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F3.flp01-c",{"title":5982,"path":5983,"stem":5984},"FLP02-C. Avoid using floating-point numbers when precise computation is needed","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F4.flp02-c",{"title":5986,"path":5987,"stem":5988},"FLP03-C. Detect and handle floating-point errors","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F5.flp03-c",{"title":5990,"path":5991,"stem":5992},"FLP04-C. Check floating-point inputs for exceptional values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F6.flp04-c",{"title":5994,"path":5995,"stem":5996},"FLP05-C. Do not use denormalized numbers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F7.flp05-c",{"title":5998,"path":5999,"stem":6000},"FLP06-C. Convert integers to floating point for floating-point operations","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F8.flp06-c",{"title":6002,"path":6003,"stem":6004},"FLP07-C. Cast the return value of a function that returns a floating-point type","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Ffloating-point-flp\u002Fflp07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F10.floating-point-flp\u002F9.flp07-c",{"title":5029,"path":6006,"stem":6007,"children":6008},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F01.index",[6009,6010,6014,6018,6022,6026,6030,6034,6038,6042,6046,6050,6054,6058,6062,6066,6070,6074,6078,6082,6086],{"title":5029,"path":6006,"stem":6007},{"title":6011,"path":6012,"stem":6013},"FIO01-C. Be careful using functions that use file names for identification","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F02.fio01-c",{"title":6015,"path":6016,"stem":6017},"FIO02-C. Canonicalize path names originating from tainted sources","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F03.fio02-c",{"title":6019,"path":6020,"stem":6021},"FIO03-C. Do not make assumptions about fopen() and file creation","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F04.fio03-c",{"title":6023,"path":6024,"stem":6025},"FIO05-C. Identify files using multiple file attributes","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F05.fio05-c",{"title":6027,"path":6028,"stem":6029},"FIO06-C. Create files with appropriate access permissions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F06.fio06-c",{"title":6031,"path":6032,"stem":6033},"FIO08-C. Take care when calling remove() on an open file","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F07.fio08-c",{"title":6035,"path":6036,"stem":6037},"FIO09-C. Be careful with binary data when transferring data across systems","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F08.fio09-c",{"title":6039,"path":6040,"stem":6041},"FIO10-C. Take care when using the rename() function","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F09.fio10-c",{"title":6043,"path":6044,"stem":6045},"FIO11-C. Take care when specifying the mode parameter of fopen()","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F10.fio11-c",{"title":6047,"path":6048,"stem":6049},"FIO13-C. Never push back anything other than one read character","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F11.fio13-c",{"title":6051,"path":6052,"stem":6053},"FIO14-C. Understand the difference between text mode and binary mode with file streams","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio14-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F12.fio14-c",{"title":6055,"path":6056,"stem":6057},"FIO15-C. Ensure that file operations are performed in a secure directory","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio15-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F13.fio15-c",{"title":6059,"path":6060,"stem":6061},"FIO17-C. Do not rely on an ending null character when using fread()","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio17-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F14.fio17-c",{"title":6063,"path":6064,"stem":6065},"FIO18-C. Never expect fwrite() to terminate the writing process at a null character","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio18-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F15.fio18-c",{"title":6067,"path":6068,"stem":6069},"FIO19-C. Do not use fseek() and ftell() to compute the size of a regular file","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio19-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F16.fio19-c",{"title":6071,"path":6072,"stem":6073},"FIO20-C. Avoid unintentional truncation when using fgets() or fgetws()","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio20-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F17.fio20-c",{"title":6075,"path":6076,"stem":6077},"FIO21-C. Do not create temporary files in shared directories","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio21-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F18.fio21-c",{"title":6079,"path":6080,"stem":6081},"FIO22-C. Close files before spawning processes","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio22-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F19.fio22-c",{"title":6083,"path":6084,"stem":6085},"FIO23-C. Do not exit with unflushed data in stdout or stderr","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio23-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F20.fio23-c",{"title":6087,"path":6088,"stem":6089},"FIO24-C. Do not open a file that is already open","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Finput-output-fio\u002Ffio24-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F11.input-output-fio\u002F21.fio24-c",{"title":5087,"path":6091,"stem":6092,"children":6093},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F01.index",[6094,6095,6099,6103,6105,6109,6113,6117,6121,6125,6129,6133,6137,6141,6145,6149],{"title":5087,"path":6091,"stem":6092},{"title":6096,"path":6097,"stem":6098},"INT00-C. Understand the data model used by your implementation(s)","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F02.int00-c",{"title":6100,"path":6101,"stem":6102},"INT01-C. Use size_t or rsize_t for all integer values representing the size of an object","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F03.int01-c",{"title":2965,"path":2964,"stem":6104},"4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F05.int04-c",{"title":6106,"path":6107,"stem":6108},"INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F06.int05-c",{"title":6110,"path":6111,"stem":6112},"INT07-C. Use only explicitly signed or unsigned char type for numeric values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F07.int07-c",{"title":6114,"path":6115,"stem":6116},"INT08-C. Verify that all integer values are in range","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F08.int08-c",{"title":6118,"path":6119,"stem":6120},"INT09-C. Ensure enumeration constants map to unique values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F09.int09-c",{"title":6122,"path":6123,"stem":6124},"INT10-C. Do not assume a positive remainder when using the % operator","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F10.int10-c",{"title":6126,"path":6127,"stem":6128},"INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F11.int12-c",{"title":6130,"path":6131,"stem":6132},"INT13-C. Use bitwise operators only on unsigned operands","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F12.int13-c",{"title":6134,"path":6135,"stem":6136},"INT14-C. Avoid performing bitwise and arithmetic operations on the same data","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint14-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F13.int14-c",{"title":6138,"path":6139,"stem":6140},"INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint15-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F14.int15-c",{"title":6142,"path":6143,"stem":6144},"INT16-C. Do not make assumptions about representation of signed integers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint16-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F15.int16-c",{"title":6146,"path":6147,"stem":6148},"INT17-C. Define integer constants in an implementation-independent manner","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint17-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F16.int17-c",{"title":6150,"path":6151,"stem":6152},"INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fintegers-int\u002Fint18-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F12.integers-int\u002F17.int18-c",{"title":5119,"path":6154,"stem":6155,"children":6156},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F01.index",[6157,6158,6162,6166,6170,6174,6178,6182,6186,6190,6194,6198],{"title":5119,"path":6154,"stem":6155},{"title":6159,"path":6160,"stem":6161},"MEM00-C. Allocate and free memory in the same module, at the same level of abstraction","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F02.mem00-c",{"title":6163,"path":6164,"stem":6165},"MEM01-C. Store a new value in pointers immediately after free()","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F03.mem01-c",{"title":6167,"path":6168,"stem":6169},"MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F04.mem02-c",{"title":6171,"path":6172,"stem":6173},"MEM03-C. Clear sensitive information stored in reusable resources","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F05.mem03-c",{"title":6175,"path":6176,"stem":6177},"MEM04-C. Beware of zero-length allocations","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F06.mem04-c",{"title":6179,"path":6180,"stem":6181},"MEM05-C. Avoid large stack allocations","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F07.mem05-c",{"title":6183,"path":6184,"stem":6185},"MEM06-C. Ensure that sensitive data is not written out to disk","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F08.mem06-c",{"title":6187,"path":6188,"stem":6189},"MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F09.mem07-c",{"title":6191,"path":6192,"stem":6193},"MEM10-C. Define and use a pointer validation function","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F10.mem10-c",{"title":6195,"path":6196,"stem":6197},"MEM11-C. Do not assume infinite heap space","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F11.mem11-c",{"title":6199,"path":6200,"stem":6201},"MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmemory-management-mem\u002Fmem12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F13.memory-management-mem\u002F12.mem12-c",{"title":5149,"path":6203,"stem":6204,"children":6205},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F1.index",[6206,6207,6211,6215,6219,6223],{"title":5149,"path":6203,"stem":6204},{"title":6208,"path":6209,"stem":6210},"WIN00-C. Be specific when dynamically loading libraries","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win\u002Fwin00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F2.win00-c",{"title":6212,"path":6213,"stem":6214},"WIN01-C. Do not forcibly terminate execution","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win\u002Fwin01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F3.win01-c",{"title":6216,"path":6217,"stem":6218},"WIN02-C. Restrict privileges when spawning child processes","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win\u002Fwin02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F4.win02-c",{"title":6220,"path":6221,"stem":6222},"WIN03-C. Understand HANDLE inheritance","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win\u002Fwin03-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F5.win03-c",{"title":6224,"path":6225,"stem":6226},"WIN04-C. Consider encrypting function pointers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmicrosoft-windows-win\u002Fwin04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F14.microsoft-windows-win\u002F6.win04-c",{"title":5159,"path":6228,"stem":6229,"children":6230},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F01.index",[6231,6232,6236,6240,6244,6248,6252,6256,6260,6264,6268,6272,6276,6280,6284,6288,6292,6296,6300,6304,6308,6312,6316],{"title":5159,"path":6228,"stem":6229},{"title":6233,"path":6234,"stem":6235},"MSC00-C. Compile cleanly at high warning levels","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F02.msc00-c",{"title":6237,"path":6238,"stem":6239},"MSC01-C. Strive for logical completeness","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F03.msc01-c",{"title":6241,"path":6242,"stem":6243},"MSC04-C. Use comments consistently and in a readable fashion","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F04.msc04-c",{"title":6245,"path":6246,"stem":6247},"MSC05-C. Do not manipulate time_t typed values directly","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F05.msc05-c",{"title":6249,"path":6250,"stem":6251},"MSC06-C. Beware of compiler optimizations","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F06.msc06-c",{"title":6253,"path":6254,"stem":6255},"MSC07-C. Detect and remove dead code","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F07.msc07-c",{"title":6257,"path":6258,"stem":6259},"UTF8-related issues","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Futf8-related-issues","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F08.utf8-related-issues",{"title":6261,"path":6262,"stem":6263},"MSC11-C. Incorporate diagnostic tests using assertions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F09.msc11-c",{"title":6265,"path":6266,"stem":6267},"MSC12-C. Detect and remove code that has no effect or is never executed","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F10.msc12-c",{"title":6269,"path":6270,"stem":6271},"MSC13-C. Detect and remove unused values","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F11.msc13-c",{"title":6273,"path":6274,"stem":6275},"MSC14-C. Do not introduce unnecessary platform dependencies","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc14-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F12.msc14-c",{"title":6277,"path":6278,"stem":6279},"MSC15-C. Do not depend on undefined behavior","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc15-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F13.msc15-c",{"title":6281,"path":6282,"stem":6283},"MSC17-C. Finish every set of statements associated with a case label with a break statement","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc17-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F14.msc17-c",{"title":6285,"path":6286,"stem":6287},"MSC18-C. Be careful while handling sensitive data, such as passwords, in program code","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc18-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F15.msc18-c",{"title":6289,"path":6290,"stem":6291},"MSC19-C. For functions that return an array, prefer returning an empty array over a null value","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc19-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F16.msc19-c",{"title":6293,"path":6294,"stem":6295},"MSC20-C. Do not use a switch statement to transfer control into a complex block","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc20-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F17.msc20-c",{"title":6297,"path":6298,"stem":6299},"MSC21-C. Use robust loop termination conditions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc21-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F18.msc21-c",{"title":6301,"path":6302,"stem":6303},"MSC22-C. Use the setjmp(), longjmp() facility securely","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc22-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F19.msc22-c",{"title":6305,"path":6306,"stem":6307},"MSC23-C. Beware of vendor-specific library and language differences","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc23-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F20.msc23-c",{"title":6309,"path":6310,"stem":6311},"MSC24-C. Do not use deprecated or obsolescent functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc24-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F21.msc24-c",{"title":6313,"path":6314,"stem":6315},"MSC25-C. Do not use insecure or weak cryptographic algorithms","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc25-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F22.msc25-c",{"title":6317,"path":6318,"stem":6319},"Use subset of ASCII for safety","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fmiscellaneous-msc\u002Fuse-subset-of-ascii-for-safety","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F15.miscellaneous-msc\u002F23.use-subset-of-ascii-for-safety",{"title":5197,"path":6321,"stem":6322,"children":6323},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fposix-pos","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F16.posix-pos\u002F1.index",[6324,6325,6329,6333,6337],{"title":5197,"path":6321,"stem":6322},{"title":6326,"path":6327,"stem":6328},"POS01-C. Check for the existence of links when dealing with files","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fposix-pos\u002Fpos01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F16.posix-pos\u002F2.pos01-c",{"title":6330,"path":6331,"stem":6332},"POS02-C. Follow the principle of least privilege","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fposix-pos\u002Fpos02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F16.posix-pos\u002F3.pos02-c",{"title":6334,"path":6335,"stem":6336},"POS04-C. Avoid using PTHREAD_MUTEX_NORMAL type mutex locks","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fposix-pos\u002Fpos04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F16.posix-pos\u002F4.pos04-c",{"title":6338,"path":6339,"stem":6340},"POS05-C. Limit access to files by creating a jail","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fposix-pos\u002Fpos05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F16.posix-pos\u002F5.pos05-c",{"title":5267,"path":6342,"stem":6343,"children":6344},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F01.index",[6345,6346,6350,6354,6358,6362,6366,6370,6374,6378,6382,6386,6390,6394],{"title":5267,"path":6342,"stem":6343},{"title":6347,"path":6348,"stem":6349},"PRE00-C. Prefer inline or static functions to function-like macros","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F02.pre00-c",{"title":6351,"path":6352,"stem":6353},"PRE01-C. Use parentheses within macros around parameter names","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F03.pre01-c",{"title":6355,"path":6356,"stem":6357},"PRE02-C. Macro replacement lists should be parenthesized","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F04.pre02-c",{"title":6359,"path":6360,"stem":6361},"PRE04-C. Do not reuse a standard header file name","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre04-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F05.pre04-c",{"title":6363,"path":6364,"stem":6365},"PRE05-C. Understand macro replacement when concatenating tokens or performing stringification","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre05-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F06.pre05-c",{"title":6367,"path":6368,"stem":6369},"PRE06-C. Enclose header files in an include guard","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre06-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F07.pre06-c",{"title":6371,"path":6372,"stem":6373},"PRE07-C. Avoid using repeated question marks","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre07-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F08.pre07-c",{"title":6375,"path":6376,"stem":6377},"PRE08-C. Guarantee that header file names are unique","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre08-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F09.pre08-c",{"title":6379,"path":6380,"stem":6381},"PRE09-C. Do not replace secure functions with deprecated or obsolescent functions","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre09-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F10.pre09-c",{"title":6383,"path":6384,"stem":6385},"PRE10-C. Wrap multistatement macros in a do-while loop","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre10-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F11.pre10-c",{"title":6387,"path":6388,"stem":6389},"PRE11-C. Do not conclude macro definitions with a semicolon","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre11-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F12.pre11-c",{"title":6391,"path":6392,"stem":6393},"PRE12-C. Do not define unsafe macros","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre12-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F13.pre12-c",{"title":6395,"path":6396,"stem":6397},"PRE13-C. Use the Standard predefined macros to test for versions and features.","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fpreprocessor-pre\u002Fpre13-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F17.preprocessor-pre\u002F14.pre13-c",{"title":5285,"path":6399,"stem":6400,"children":6401},"\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fsignals-sig","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F18.signals-sig\u002F1.index",[6402,6403,6407,6411],{"title":5285,"path":6399,"stem":6400},{"title":6404,"path":6405,"stem":6406},"SIG00-C. Mask signals handled by noninterruptible signal handlers","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fsignals-sig\u002Fsig00-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F18.signals-sig\u002F2.sig00-c",{"title":6408,"path":6409,"stem":6410},"SIG01-C. Understand implementation-specific details regarding signal handler persistence","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fsignals-sig\u002Fsig01-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F18.signals-sig\u002F3.sig01-c",{"title":6412,"path":6413,"stem":6414},"SIG02-C. Avoid using signals to implement normal functionality","\u002Fsei-cert-c-coding-standard\u002Frecommendations\u002Fsignals-sig\u002Fsig02-c","4.sei-cert-c-coding-standard\u002F08.recommendations\u002F18.signals-sig\u002F4.sig02-c",{"title":6416,"path":6417,"stem":6418},"CERT manifest files","\u002Fsei-cert-c-coding-standard\u002Fcert-manifest-files","4.sei-cert-c-coding-standard\u002F09.cert-manifest-files",1775657796990]