💾 Archived View for gmi.noulin.net › SEI_CERT_C captured on 2023-03-20 at 17:38:20. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
SEI CERT C is a secure coding standard, these pages are a copy of:
Last update: 2023-03-14 03:00:05
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
ARR32-C. Ensure size arguments for variable length arrays are in a valid range
ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
ARR38-C. Guarantee that library functions do not form invalid pointers
ARR39-C. Do not add or subtract a scaled integer to a pointer
CON30-C. Clean up thread-specific storage
CON31-C. Do not destroy a mutex while it is locked
CON32-C. Prevent data races when accessing bit-fields from multiple threads
CON33-C. Avoid race conditions when using library functions
CON34-C. Declare objects shared between threads with appropriate storage durations
CON35-C. Avoid deadlock by locking in a predefined order
CON36-C. Wrap functions that can spuriously wake up in a loop
CON37-C. Do not call signal() in a multithreaded program
CON38-C. Preserve thread safety and liveness when using condition variables
CON39-C. Do not join or detach a thread that was previously joined or detached
CON40-C. Do not refer to an atomic variable twice in an expression
CON41-C. Wrap functions that can fail spuriously in a loop
CON43-C. Do not allow data races in multithreaded code
DCL30-C. Declare objects with appropriate storage durations
DCL31-C. Declare identifiers before using them
DCL36-C. Do not declare an identifier with conflicting linkage classifications
DCL37-C. Do not declare or define a reserved identifier
DCL38-C. Use the correct syntax when declaring a flexible array member
DCL39-C. Avoid information leakage when passing a structure across a trust boundary
DCL40-C. Do not create incompatible declarations of the same function or object
DCL41-C. Do not declare variables inside a switch statement before the first case label
ENV30-C. Do not modify the object referenced by the return value of certain functions
ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
ENV32-C. All exit handlers must return normally
ENV34-C. Do not store pointers returned by certain functions
ERR30-C. Take care when reading errno
ERR32-C. Do not rely on indeterminate values of errno
ERR33-C. Detect and handle standard library errors
ERR34-C. Detect errors when converting a string to a number
EXP30-C. Do not depend on the order of evaluation for side effects
EXP32-C. Do not access a volatile object through a nonvolatile reference
EXP33-C. Do not read uninitialized memory
EXP34-C. Do not dereference null pointers
EXP35-C. Do not modify objects with temporary lifetime
EXP36-C. Do not cast pointers into more strictly aligned pointer types
EXP37-C. Call functions with the correct number and type of arguments
EXP39-C. Do not access a variable through a pointer of an incompatible type
EXP40-C. Do not modify constant objects
EXP42-C. Do not compare padding data
EXP43-C. Avoid undefined behavior when using restrict-qualified pointers
EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
EXP45-C. Do not perform assignments in selection statements
EXP46-C. Do not use a bitwise operator with a Boolean-like operand
EXP47-C. Do not call va_arg with an argument of the incorrect type
FIO30-C. Exclude user input from format strings
FIO32-C. Do not perform operations on devices that are only appropriate for files
FIO34-C. Distinguish between characters read from a file and EOF or WEOF
FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful
FIO38-C. Do not copy a FILE object
FIO40-C. Reset strings on fgets() or fgetws() failure
FIO42-C. Close files when they are no longer needed
FIO45-C. Avoid TOCTOU race conditions while accessing files
FIO46-C. Do not access a closed file
FIO47-C. Use valid format strings
FLP30-C. Do not use floating-point variables as loop counters
FLP32-C. Prevent or detect domain and range errors in math functions
FLP34-C. Ensure that floating-point conversions are within range of the new type
FLP36-C. Preserve precision when converting integral values to floating-point type
FLP37-C. Do not use object representations to compare floating-point values
INT30-C. Ensure that unsigned integer operations do not wrap
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
INT32-C. Ensure that operations on signed integers do not result in overflow
INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
INT35-C. Use correct integer precisions
INT36-C. Converting a pointer to integer or integer to pointer
MEM30-C. Do not access freed memory
MEM31-C. Free dynamically allocated memory when no longer needed
MEM33-C. Allocate and copy structures containing a flexible array member dynamically
MEM34-C. Only free memory allocated dynamically
MEM35-C. Allocate sufficient memory for an object
MSC30-C. Do not use the rand() function for generating pseudorandom numbers
MSC32-C. Properly seed pseudorandom number generators
MSC33-C. Do not pass invalid data to the asctime() function
MSC37-C. Ensure that control never reaches the end of a non-void function
MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value
MSC40-C. Do not violate constraints
MSC41-C. Never hard code sensitive information
POS30-C. Use the readlink() function properly
POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
POS35-C. Avoid race conditions while checking for the existence of a symbolic link
POS36-C. Observe correct revocation order while relinquishing privileges
POS37-C. Ensure that privilege relinquishment is successful
POS38-C. Beware of race conditions when using fork and file descriptors
POS39-C. Use the correct byte ordering when transferring data between systems
POS44-C. Do not use signals to terminate threads
POS47-C. Do not use threads that can be canceled asynchronously
POS48-C. Do not unlock or destroy another POSIX thread's mutex
POS50-C. Declare objects shared between POSIX threads with appropriate storage durations
POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
POS52-C. Do not perform operations that can block while holding a POSIX lock
POS53-C. Do not use more than one mutex for concurrent waiting operations on a condition variable
POS54-C. Detect and handle POSIX library errors
PRE30-C. Do not create a universal character name through concatenation
PRE31-C. Avoid side effects in arguments to unsafe macros
PRE32-C. Do not use preprocessor directives in invocations of function-like macros
SIG30-C. Call only asynchronous-safe functions within signal handlers
SIG31-C. Do not access shared objects in signal handlers
SIG34-C. Do not call signal() from within interruptible signal handlers
SIG35-C. Do not return from a computational exception signal handler
STR30-C. Do not attempt to modify string literals
STR34-C. Cast characters to unsigned char before converting to larger integer sizes
STR37-C. Arguments to character-handling functions must be representable as an unsigned char
STR38-C. Do not confuse narrow and wide character strings and functions
WIN30-C. Properly pair allocation and deallocation functions