SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR)

The product reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds ...

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index ref...

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

The product reads data past the end, or before the beginning, of the intended buffer.

The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter ...

The product subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommen...