| CERT-C | Category | C Warning Classes |
|---|---|---|
| CERT-C:API00-C Functions should validate their parameters | Recommendation | closely mapped; also related |
| CERT-C:API07-C Enforce type safety | Recommendation | |
| CERT-C:ARR00-C Understand how arrays work | Recommendation | |
| CERT-C:ARR01-C Do not apply the sizeof operator to a pointer when taking the size of an array | Recommendation | |
| CERT-C:ARR30-C Do not form or use out-of-bounds pointers or array subscripts | Rule | |
| CERT-C:ARR32-C Ensure size arguments for variable length arrays are in a valid range | Rule | closely mapped; also related |
| CERT-C:ARR36-C Do not subtract or compare two pointers that do not refer to the same array | Rule | |
| CERT-C:ARR37-C Do not add or subtract an integer to a pointer to a non-array object | Rule | |
| CERT-C:ARR38-C Guarantee that library functions do not form invalid pointers | Rule | |
| CERT-C:ARR39-C Do not add or subtract a scaled integer to a pointer | Rule | |
| CERT-C:CON01-C Acquire and release synchronization primitives in the same module, at the same level of abstraction | Recommendation | |
| CERT-C:CON02-C Do not use volatile as a synchronization primitive | Recommendation | |
| CERT-C:CON05-C Do not perform operations that can block while holding a lock | Recommendation | |
| CERT-C:CON06-C Ensure that every mutex outlives the data it protects | Recommendation | |
| CERT-C:CON07-C Ensure that compound operations on shared variables are atomic | Recommendation | closely mapped; also related |
| CERT-C:CON08-C Do not assume that a group of calls to independently atomic methods is atomic | Recommendation | |
| CERT-C:CON30-C Clean up thread-specific storage | Rule | |
| CERT-C:CON31-C Do not destroy a mutex while it is locked | Rule | |
| CERT-C:CON32-C Prevent data races when accessing bit-fields from multiple threads | Rule | |
| CERT-C:CON33-C Avoid race conditions when using library functions | Rule | closely mapped; also related |
| CERT-C:CON34-C Declare objects shared between threads with appropriate storage durations | Rule | |
| CERT-C:CON35-C Avoid deadlock by locking in a predefined order | Rule | |
| CERT-C:CON36-C Wrap functions that can spuriously wake up in a loop | Rule | |
| CERT-C:CON37-C Do not call signal() in a multithreaded program | Rule | |
| CERT-C:CON38-C Preserve thread safety and liveness when using condition variables | Rule | |
| CERT-C:CON39-C Do not join or detach a thread that was previously joined or detached | Rule | |
| CERT-C:CON40-C Do not refer to an atomic variable twice in an expression | Rule | |
| CERT-C:CON41-C Wrap functions that can fail spuriously in a loop | Rule | |
| CERT-C:CON43-C Do not allow data races in multithreaded code | Rule | |
| CERT-C:DCL00-C Const-qualify immutable objects | Recommendation | |
| CERT-C:DCL01-C Do not reuse variable names in subscopes | Recommendation | |
| CERT-C:DCL02-C Use visually distinct identifiers | Recommendation | |
| CERT-C:DCL04-C Do not declare more than one variable per declaration | Recommendation | |
| CERT-C:DCL05-C Use typedefs of non-pointer types only | Recommendation | |
| CERT-C:DCL06-C Use meaningful symbolic constants to represent literal values | Recommendation | |
| CERT-C:DCL07-C Include the appropriate type information in function declarators | Recommendation | |
| CERT-C:DCL11-C Understand the type issues associated with variadic functions | Recommendation | |
| CERT-C:DCL13-C Declare function parameters that are pointers to values not changed by the function as const | Recommendation | |
| CERT-C:DCL15-C Declare file-scope objects or functions that do not need external linkage as static | Recommendation | |
| CERT-C:DCL16-C Use "L," not "l," to indicate a long value | Recommendation | |
| CERT-C:DCL17-C Beware of miscompiled volatile-qualified variables | Recommendation | |
| CERT-C:DCL18-C Do not begin integer constants with 0 when specifying a decimal value | Recommendation | |
| CERT-C:DCL19-C Minimize the scope of variables and functions | Recommendation | |
| CERT-C:DCL20-C Explicitly specify void when a function accepts no arguments | Recommendation | |
| CERT-C:DCL23-C Guarantee that mutually visible identifiers are unique | Recommendation | |
| CERT-C:DCL30-C Declare objects with appropriate storage durations | Rule | |
| CERT-C:DCL36-C Do not declare an identifier with conflicting linkage classifications | Rule | |
| CERT-C:DCL37-C Do not declare or define a reserved identifier | Rule | |
| CERT-C:DCL38-C Use the correct syntax when declaring a flexible array member | Rule | |
| CERT-C:DCL39-C Avoid information leakage when passing a structure across a trust boundary | Rule | |
| CERT-C:DCL40-C Do not create incompatible declarations of the same function or object | Rule | closely mapped; also related |
| CERT-C:DCL41-C Do not declare variables inside a switch statement before the first case label | Rule | |
| CERT-C:ENV01-C Do not make assumptions about the size of an environment variable | Recommendation | |
| CERT-C:ENV30-C Do not modify the object referenced by the return value of certain functions | Rule | closely mapped; also related |
| CERT-C:ENV31-C Do not rely on an environment pointer following an operation that may invalidate it | Rule | |
| CERT-C:ENV32-C All exit handlers must return normally | Rule | |
| CERT-C:ENV33-C Do not call system() | Rule | |
| CERT-C:ENV34-C Do not store pointers returned by certain functions | Rule | |
| CERT-C:ERR30-C Take care when reading errno | Rule | closely mapped; also related |
| CERT-C:ERR33-C Detect and handle standard library errors | Rule | |
| CERT-C:ERR34-C Detect errors when converting a string to a number | Rule | |
| CERT-C:EXP00-C Use parentheses for precedence of operation | Recommendation | |
| CERT-C:EXP05-C Do not cast away a const qualification | Recommendation | |
| CERT-C:EXP08-C Ensure pointer arithmetic is used correctly | Recommendation | |
| CERT-C:EXP10-C Do not depend on the order of evaluation of subexpressions or the order in which side effects take place | Recommendation | |
| CERT-C:EXP11-C Do not make assumptions regarding the layout of structures with bit-fields | Recommendation | |
| CERT-C:EXP12-C Do not ignore values returned by functions | Recommendation | |
| CERT-C:EXP14-C Beware of integer promotion when performing bitwise operations on integer types smaller than int | Recommendation | |
| CERT-C:EXP15-C Do not place a semicolon on the same line as an if, for, or while statement | Recommendation | |
| CERT-C:EXP30-C Do not depend on the order of evaluation for side effects | Rule | closely mapped; also related |
| CERT-C:EXP33-C Do not read uninitialized memory | Rule | closely mapped; also related |
| CERT-C:EXP34-C Do not dereference null pointers | Rule | |
| CERT-C:EXP35-C Do not modify objects with temporary lifetime | Rule | |
| CERT-C:EXP36-C Do not cast pointers into more strictly aligned pointer types | Rule | |
| CERT-C:EXP37-C Call functions with the correct number and type of arguments | Rule | |
| CERT-C:EXP39-C Do not access a variable through a pointer of an incompatible type | Rule | |
| CERT-C:EXP40-C Do not modify constant objects | Rule | |
| CERT-C:EXP42-C Do not compare padding data | Rule | closely mapped; also related |
| CERT-C:EXP43-C Avoid undefined behavior when using restrict-qualified pointers | Rule | |
| CERT-C:EXP44-C Do not rely on side effects in operands to sizeof, _Alignof, or _Generic | Rule | |
| CERT-C:EXP45-C Do not perform assignments in selection statements | Rule | |
| CERT-C:EXP46-C Do not use a bitwise operator with a Boolean-like operand | Rule | |
| CERT-C:EXP47-C Do not call va_arg with an argument of the incorrect type | Rule | |
| CERT-C:FIO01-C Be careful using functions that use file names for identification | Recommendation | |
| CERT-C:FIO02-C Canonicalize path names originating from tainted sources | Recommendation | |
| CERT-C:FIO03-C Do not make assumptions about fopen() and file creation | Recommendation | |
| CERT-C:FIO06-C Create files with appropriate access permissions | Recommendation | |
| CERT-C:FIO11-C Take care when specifying the mode parameter of fopen() | Recommendation | |
| CERT-C:FIO21-C Do not create temporary files in shared directories | Recommendation | |
| CERT-C:FIO24-C Do not open a file that is already open | Recommendation | |
| CERT-C:FIO30-C Exclude user input from format strings | Rule | |
| CERT-C:FIO34-C Distinguish between characters read from a file and EOF or WEOF | Rule | |
| CERT-C:FIO37-C Do not assume that fgets() or fgetws() returns a nonempty string when successful | Rule | |
| CERT-C:FIO39-C Do not alternately input and output from a stream without an intervening flush or positioning call | Rule | |
| CERT-C:FIO40-C Reset strings on fgets() or fgetws() failure | Rule | |
| CERT-C:FIO41-C Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects | Rule | |
| CERT-C:FIO42-C Close files when they are no longer needed | Rule | |
| CERT-C:FIO45-C Avoid TOCTOU race conditions while accessing files | Rule | |
| CERT-C:FIO46-C Do not access a closed file | Rule | |
| CERT-C:FIO47-C Use valid format strings | Rule | |
| CERT-C:FLP00-C Understand the limitations of floating-point numbers | Recommendation | |
| CERT-C:FLP02-C Avoid using floating-point numbers when precise computation is needed | Recommendation | |
| CERT-C:FLP06-C Convert integers to floating point for floating-point operations | Recommendation | |
| CERT-C:FLP30-C Do not use floating-point variables as loop counters | Rule | |
| CERT-C:FLP32-C Prevent or detect domain and range errors in math functions | Rule | |
| CERT-C:FLP34-C Ensure that floating-point conversions are within range of the new type | Rule | |
| CERT-C:FLP36-C Preserve precision when converting integral values to floating-point type | Rule | |
| CERT-C:FLP37-C Do not use object representations to compare floating-point values | Rule | |
| CERT-C:INT01-C Use rsize_t or size_t for all integer values representing the size of an object | Recommendation | |
| CERT-C:INT02-C Understand integer conversion rules | Recommendation | closely mapped; also related |
| CERT-C:INT04-C Enforce limits on integer values originating from tainted sources | Recommendation | |
| CERT-C:INT05-C Do not use input functions to convert character data if they cannot handle all possible inputs | Recommendation | |
| CERT-C:INT07-C Use only explicitly signed or unsigned char type for numeric values | Recommendation | |
| CERT-C:INT08-C Verify that all integer values are in range | Recommendation | |
| CERT-C:INT09-C Ensure enumeration constants map to unique values | Recommendation | |
| CERT-C:INT12-C Do not make assumptions about the type of a plain int bit-field when used in an expression | Recommendation | |
| CERT-C:INT13-C Use bitwise operators only on unsigned operands | Recommendation | |
| CERT-C:INT18-C Evaluate integer expressions in a larger size before comparing or assigning to that size | Recommendation | |
| CERT-C:INT30-C Ensure that unsigned integer operations do not wrap | Rule | |
| CERT-C:INT31-C Ensure that integer conversions do not result in lost or misinterpreted data | Rule | |
| CERT-C:INT32-C Ensure that operations on signed integers do not result in overflow | Rule | |
| CERT-C:INT33-C Ensure that division and remainder operations do not result in divide-by-zero errors | Rule | |
| CERT-C:INT34-C Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand | Rule | |
| CERT-C:INT35-C Use correct integer precisions | Rule | |
| CERT-C:INT36-C Converting a pointer to integer or integer to pointer | Rule | |
| CERT-C:MEM00-C Allocate and free memory in the same module, at the same level of abstraction | Recommendation | |
| CERT-C:MEM01-C Store a new value in pointers immediately after free() | Recommendation | |
| CERT-C:MEM05-C Avoid large stack allocations | Recommendation | |
| CERT-C:MEM07-C Ensure that the arguments to calloc(), when multiplied, do not wrap | Recommendation | |
| CERT-C:MEM11-C Do not assume infinite heap space | Recommendation | |
| CERT-C:MEM30-C Do not access freed memory | Rule | |
| CERT-C:MEM31-C Free dynamically allocated memory when no longer needed | Rule | |
| CERT-C:MEM33-C Allocate and copy structures containing a flexible array member dynamically | Rule | closely mapped; also related |
| CERT-C:MEM34-C Only free memory allocated dynamically | Rule | |
| CERT-C:MEM35-C Allocate sufficient memory for an object | Rule | |
| CERT-C:MEM36-C Do not modify the alignment of objects by calling realloc() | Rule | |
| CERT-C:MSC00-C Compile cleanly at high warning levels | Recommendation | |
| CERT-C:MSC06-C Beware of compiler optimizations | Recommendation | |
| CERT-C:MSC07-C Detect and remove dead code | Recommendation | |
| CERT-C:MSC11-C Incorporate diagnostic tests using assertions | Recommendation | |
| CERT-C:MSC12-C Detect and remove code that has no effect or is never executed | Recommendation | |
| CERT-C:MSC13-C Detect and remove unused values | Recommendation | |
| CERT-C:MSC15-C Do not depend on undefined behavior | Recommendation | |
| CERT-C:MSC17-C Finish every set of statements associated with a case label with a break statement | Recommendation | |
| CERT-C:MSC18-C Be careful while handling sensitive data, such as passwords, in program code | Recommendation | |
| CERT-C:MSC20-C Do not use a switch statement to transfer control into a complex block | Recommendation | |
| CERT-C:MSC21-C Use robust loop termination conditions | Recommendation | |
| CERT-C:MSC22-C Use the setjmp(), longjmp() facility securely | Recommendation | |
| CERT-C:MSC23-C Beware of vendor-specific library and language differences | Recommendation | |
| CERT-C:MSC24-C Do not use deprecated or obsolescent functions | Recommendation | |
| CERT-C:MSC25-C Do not use insecure or weak cryptographic algorithms | Recommendation | |
| CERT-C:MSC30-C Do not use the rand() function for generating pseudorandom numbers | Rule | |
| CERT-C:MSC32-C Properly seed pseudorandom number generators | Rule | |
| CERT-C:MSC33-C Do not pass invalid data to the asctime() function | Rule | |
| CERT-C:MSC37-C Ensure that control never reaches the end of a non-void function | Rule | |
| CERT-C:MSC38-C Do not treat a predefined identifier as an object if it might only be implemented as a macro | Rule | |
| CERT-C:MSC39-C Do not call va_arg() on a va_list that has an indeterminate value | Rule | |
| CERT-C:MSC41-C Never hard code sensitive information | Rule | |
| CERT-C:POS05-C Limit access to files by creating a jail | Recommendation | |
| CERT-C:POS30-C Use the readlink() function properly | Rule | |
| CERT-C:POS34-C Do not call putenv() with a pointer to an automatic variable as the argument | Rule | |
| CERT-C:POS38-C Beware of race conditions when using fork and file descriptors | Rule | |
| CERT-C:POS44-C Do not use signals to terminate threads | Rule | |
| CERT-C:POS48-C Do not unlock or destroy another POSIX thread's mutex | Rule | |
| CERT-C:POS49-C When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed | Rule | |
| CERT-C:POS51-C Avoid deadlock with POSIX threads by locking in predefined order | Rule | |
| CERT-C:POS52-C Do not perform operations that can block while holding a POSIX lock | Rule | |
| CERT-C:POS54-C Detect and handle POSIX library errors | Rule | |
| CERT-C:PRE00-C Prefer inline or static functions to function-like macros | Recommendation | |
| CERT-C:PRE02-C Macro replacement lists should be parenthesized | Recommendation | |
| CERT-C:PRE05-C Understand macro replacement when concatenating tokens or performing stringification | Recommendation | |
| CERT-C:PRE11-C Do not conclude macro definitions with a semicolon | Recommendation | |
| CERT-C:PRE30-C Do not create a universal character name through concatenation | Rule | |
| CERT-C:PRE31-C Avoid side effects in arguments to unsafe macros | Rule | closely mapped; also related |
| CERT-C:PRE32-C Do not use preprocessor directives in invocations of function-like macros | Rule | |
| CERT-C:SIG00-C Mask signals handled by noninterruptible signal handlers | Recommendation | |
| CERT-C:SIG01-C Understand implementation-specific details regarding signal handler persistence | Recommendation | |
| CERT-C:SIG02-C Avoid using signals to implement normal functionality | Recommendation | |
| CERT-C:SIG30-C Call only asynchronous-safe functions within signal handlers | Rule | |
| CERT-C:SIG31-C Do not access shared objects in signal handlers | Rule | |
| CERT-C:SIG34-C Do not call signal() from within interruptible signal handlers | Rule | |
| CERT-C:SIG35-C Do not return from a computational exception signal handler | Rule | |
| CERT-C:STR00-C Represent characters using an appropriate type | Recommendation | |
| CERT-C:STR02-C Sanitize data passed to complex subsystems | Recommendation | |
| CERT-C:STR03-C Do not inadvertently truncate a string | Recommendation | |
| CERT-C:STR04-C Use plain char for characters in the basic character set | Recommendation | |
| CERT-C:STR05-C Use pointers to const when referring to string literals | Recommendation | |
| CERT-C:STR07-C Use the bounds-checking interfaces for string manipulation | Recommendation | |
| CERT-C:STR30-C Do not attempt to modify string literals | Rule | |
| CERT-C:STR31-C Guarantee that storage for strings has sufficient space for character data and the null terminator | Rule | |
| CERT-C:STR32-C Do not pass a non-null-terminated character sequence to a library function that expects a string | Rule | |
| CERT-C:STR34-C Cast characters to unsigned char before converting to larger integer sizes | Rule | |
| CERT-C:STR37-C Arguments to character-handling functions must be representable as an unsigned char | Rule | |
| CERT-C:STR38-C Do not confuse narrow and wide character strings and functions | Rule | |
| CERT-C:WIN00-C Be specific when dynamically loading libraries | Recommendation | |
| CERT-C:WIN02-C Restrict privileges when spawning child processes | Recommendation | |
| CERT-C:WIN30-C Properly pair allocation and deallocation functions | Rule | |