CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) chapter of the CERT C Secure Coding Standard (2008).
Weaknesses
The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.
In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.
The product does not correctly convert an object, resource, or structure from one type to a different type.
The product dereferences a pointer that it expects to be valid but is NULL.
The product uses an expression in which operator precedence causes incorrect logic to be used.
The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being pointed to.
Concepts
Deprecated or Obsolete
CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 200...
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.