SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) section of the SEI CERT C Coding Standard.
Weaknesses
- The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompa...
- The code uses an operator for assignment when the intention was to perform a comparison.
- The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.
- The product calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and result...
- The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- The product does not correctly convert an object, resource, or structure from one type to a different type.
- A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
- The product reads data past the end, or before the beginning, of the intended buffer.
- The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
- The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer der...
- The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.
- The product uses or accesses a resource that has not been initialized.
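The weaknesses above are easiest to recognise side by side with their fixes. The following C file is an added example written for this page; it is not code from the CWE entries or from the SEI CERT C standard, and all function names, roles and sample values are made up. It pairs a weak form with a hardened form for five of the listed weaknesses: assignment used in place of comparison, a bounds check broken by signed arithmetic, type confusion through a tagged union, an unchecked allocation result, and an uninitialized structure. The weak functions are written so that calling them stays well-defined C: they return the wrong decision rather than performing the memory access that would follow it.

```c
/* Added example, not code from the CWE page or the SEI CERT C standard.
 * Each pair shows a weak form of an expression-level mistake beside a
 * hardened form. The weak functions are written so that calling them is
 * still well-defined C (they return the wrong decision instead of doing
 * the memory access that would follow it); names and values are made up. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ROLE_USER  1
#define ROLE_ADMIN 2

/* Assignment where a comparison was meant. "role = ROLE_ADMIN" evaluates to
 * ROLE_ADMIN (non-zero), so the branch is taken for every caller. The extra
 * parentheses silence -Wparentheses, which is how this survives a build
 * with warnings enabled. */
int is_admin_bad(int role) {
    if ((role = ROLE_ADMIN)) return 1;
    return 0;
}

/* Hardened: a real comparison, and a const parameter so that a stray "="
 * is a compile error rather than a silent change in logic. */
int is_admin_good(const int role) {
    return role == ROLE_ADMIN;
}

/* Bounds check done entirely in signed arithmetic. A negative offset passes
 * "off + len <= size", and a later read at buf + off starts before the
 * buffer; off + len can also overflow. Returns 1 when the range is accepted. */
int range_ok_bad(int off, int len, int size) {
    return off + len <= size;
}

/* Hardened: reject negative operands before any arithmetic, then compare
 * len against the remaining space, which cannot overflow. */
int range_ok_good(int off, int len, int size) {
    if (off < 0 || len < 0 || size < 0 || off > size) return 0;
    return len <= size - off;
}

/* Type confusion: a tagged value read through the wrong union member. */
enum tag { TAG_INT, TAG_STR };
struct value {
    enum tag tag;
    union { int i; const char *s; } u;
};

/* Weak: trusts the caller and returns the pointer member regardless of the
 * tag. For a TAG_INT value the int's bits (plus padding) are handed back as
 * a pointer and the caller dereferences garbage. Not exercised below. */
const char *as_str_bad(const struct value *v) {
    return v->u.s;
}

/* Hardened: every access checks the tag first and refuses a mismatch. */
const char *as_str_good(const struct value *v) {
    if (v == NULL || v->tag != TAG_STR) return NULL;
    return v->u.s;
}

/* Unchecked allocation result. The weak form is this function without the
 * NULL test: malloc fails and memcpy writes through a NULL pointer. Copies
 * at most max_len bytes of src; the caller frees the result. */
char *dup_bounded(const char *src, size_t max_len) {
    const char *end = memchr(src, '\0', max_len);
    size_t n = end != NULL ? (size_t)(end - src) : max_len;
    char *out = malloc(n + 1);
    if (out == NULL) return NULL;        /* the check the weak form omits */
    memcpy(out, src, n);
    out[n] = '\0';
    return out;
}

/* Use of an uninitialized resource. The weak form declares "struct conn c;"
 * and fills only peer, leaving fd and flags as stack garbage that later
 * code trusts (for example, close(c.fd) on some unrelated descriptor). */
struct conn { int fd; unsigned flags; char peer[32]; };

void conn_init(struct conn *c, const char *peer) {
    memset(c, 0, sizeof *c);             /* every field has a known value */
    c->fd = -1;                          /* explicit "no descriptor" sentinel */
    snprintf(c->peer, sizeof c->peer, "%s", peer);
}

int main(void) {
    struct value v = { TAG_INT, { .i = 42 } };
    char *d = dup_bounded("hello world", 5);
    printf("is_admin_bad(ROLE_USER)=%d  is_admin_good(ROLE_USER)=%d\n",
           is_admin_bad(ROLE_USER), is_admin_good(ROLE_USER));
    printf("range_ok_bad(-8,4,64)=%d  range_ok_good(-8,4,64)=%d\n",
           range_ok_bad(-8, 4, 64), range_ok_good(-8, 4, 64));
    printf("as_str_good(int value)=%s  dup_bounded=%s\n",
           as_str_good(&v) ? "non-NULL" : "NULL", d ? d : "(alloc failed)");
    free(d);
    return 0;
}
```

Build it with warnings on (for example `-Wall -Wextra`): the compiler flags a bare assignment in a condition and signed/unsigned comparisons, but, as the `is_admin_bad` case shows, an extra pair of parentheses or a cast makes the warning disappear while the weakness stays, so reviewers should treat those silencers as a prompt to look harder rather than as a fix.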
Concepts
CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects the current rules and recommen...
See Also
- SEI CERT C Coding Standard : Rule 03. Expressions (EXP)
The Software Engineering Institute
- SEI CERT C Coding Standard : Rec 03. Expressions (EXP)
The Software Engineering Institute
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.