CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)

The product sets a pointer to a specific address other than NULL or 0.

The product divides a value by zero.

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index ref...

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting va...

Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the o...

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive loo...

The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 200...