C Secure Coding Rules Defect Reports

Document: N 1832
Subject: TS 17961: C Secure Coding Rules Defect Reports
Source: WG 14
Date: 2014/04/25
Version: 1

The following defects have been reported against ISO/IEC TS 17961:2013, Information technology – Programming languages, their environments and system software interfaces – C Secure Coding Rules.

Defect Report 1

Subject: CSCR error in 5.21 example
Date: April 2014

In N1801 it is argued that the example is wrong, and the committee agrees. The following TC from that paper was approved, with the suggestion that changing malloc(8) to malloc(2) would be even more compelling.

Change the example in 5.21 to:


   struct S1 { int x, y, z;};   /*  sizeof(S1)  is 12  */

   struct S1 *copyS1(const struct S1 s) {
      struct S1 *q = (struct S1 *)malloc(8); /* Diagnostic required */
      *q = s;
      return q;
   }