CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) chapter of the CERT C Secure Coding Standard (2008).


Function Call with Incorrectly Specified Arguments

The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.

Incorrect Pointer Scaling

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Operator Precedence Logic Error

The program uses an expression in which operator precedence causes incorrect logic to be used.

Use of sizeof() on a Pointer Type

The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine ...


Deprecated or Obsolete

Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 200...

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.