SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) section of the SEI CERT C Coding Standard.
Weaknesses
The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.
The product calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and result...
The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).
The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This ty...
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...
The product does not release or incorrectly releases a resource before it is made available for re-use.
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.
The product does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed.
The product does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors.
The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
The product uses or accesses a file descriptor after it has been closed.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Concepts
CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects the current rules and recommen...
See Also
- SEI CERT C Coding Standard: Rule 09. Input Output (FIO). The Software Engineering Institute.
- SEI CERT C Coding Standard: Rec 09. Input Output (FIO). The Software Engineering Institute.