c
Default ruleset for C, curated by r2c.
Rules (6)

Variable '$VAR' was freed twice. This can lead to undefined behavior.

Avoid 'gets()'. This function does not consider buffer boundaries and can lead to buffer overflows. Use 'fgets()' or 'gets_s()' instead.

Avoid using user-controlled format strings passed into 'sprintf', 'printf' and 'vsprintf'. These functions put you at risk of buffer overflow vulnerabilities through the use of format string exploits. Instead, use 'snprintf' and 'vsnprintf'.

Call to 'read()' without error checking is susceptible to file descriptor exhaustion. Consider using the 'getrandom()' function.

Variable '$VAR' was used after being freed. This can lead to undefined behavior.

Use %s, %d, %c... to format your variables, otherwise this could leak information.