SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C

C static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C code

  • All rules 315
  • Vulnerability13
  • Bug76
  • Security Hotspot19
  • Code Smell207

  • Quick Fix 19
 
Tags
    Impact
      Clean code attribute
        1. "goto" should jump to labels declared later in the same function

           Code Smell
        2. Pointer and reference parameters should be "const" if the corresponding object is not modified

           Code Smell
        3. "<time.h>" should not be used

           Code Smell
        4. "abort", "exit", "getenv" and "system" from <stdlib.h> should not be used

           Bug
        5. "atof", "atoi" and "atol" from <stdlib.h> should not be used

           Bug
        6. "<stdio.h>" should not be used in production code

           Code Smell
        7. "<signal.h>" should not be used

           Bug
        8. "offsetof" macro should not be used

           Code Smell
        9. "errno" should not be used

           Code Smell
        10. Dynamic heap memory allocation should not be used

           Bug
        11. "setjmp" and "longjmp" should not be used

           Code Smell
        12. Reserved identifiers should not be defined or declared

           Code Smell
        13. Lines starting with "#" should contain valid preprocessing directives

           Bug
        14. Only standard forms of the "defined" directive should be used

           Code Smell
        15. Preprocessor operators "#" and "##" should not be used

           Code Smell
        16. There shall be at most one occurrence of the # or ## operators in a single macro definition

           Code Smell
        17. Macros used in preprocessor directives should be defined before use

           Bug
        18. In the definition of a function-like macro, each instance of a parameter shall be enclosed in parentheses, unless it is used as the operand of # or ##

           Code Smell
        19. Function-like macros should not be invoked without all of their arguments

           Bug
        20. Function-like macros should not be used

           Code Smell
        21. "#undef" should be used with caution

           Code Smell
        22. Macros should not be #define'd or #undef'd within a block

           Code Smell
        23. "#include" directives should be followed by either <filename> or "filename" sequences

           Bug
        24. Non-standard characters should not occur in header file names in "#include" directives

           Bug
        25. #include directives in a file should only be preceded by other preprocessor directives or comments

           Code Smell
        26. Unions should not be used

           Code Smell
        27. Structure and union types should be complete at the end of a translation unit

           Code Smell
        28. The address of an automatic object should not be assigned to another object that may persist after the first object has ceased to exist

           Bug
        29. Object declarations should contain no more than 2 levels of pointer indirection

           Code Smell
        30. Function names should be used either as a call with a parameter list or with the "&" operator

           Code Smell
        31. Function exit paths should have appropriate return values

           Bug
        32. The number of arguments passed to a function should match the number of parameters

           Bug
        33. Functions without parameters should be declared with parameter type "void"

           Code Smell
        34. Parameters in a function prototype should be named

           Code Smell
        35. Recursion should not be used

           Code Smell
        36. Loops should not have more than one "break" or "goto" statement

           Code Smell
        37. Functions should not be defined with a variable number of arguments

           Code Smell
        38. Evaluation of the operand to the sizeof operator shall not contain side effects

           Bug
        39. Switch statement conditions should not have essentially boolean type

           Code Smell
        40. Switch labels should not be nested inside non-switch blocks

           Code Smell
        41. The right-hand operands of && and || should not contain side effects

           Code Smell
        42. "continue" should not be used

           Code Smell
        43. "goto" statement should not be used

           Code Smell
        44. Non-empty statements should change control flow or have at least one side-effect

           Bug
        45. Unused type declarations should be removed

           Code Smell
        46. The three expressions of a "for" statement should only be concerned with loop control

           Code Smell
        47. Tests of non-Boolean values against zero should be explicit

           Code Smell
        48. Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression

           Code Smell
        49. Comma operator should not be used

           Code Smell
        50. Unary minus should not be applied to an unsigned expression

           Bug
        51. Bitwise operators should not be applied to signed operands

           Bug
        52. "enum" values should not be used as operands to built-in operators other than [ ], =, ==, !=, unary &, and the relational operators <, <=, >, >=

           Code Smell
        53. "bool" expressions should not be used as operands to built-in operators other than =, &&, ||, !, ==, !=, unary &, and the conditional operator

           Code Smell
        54. Operands of "&&" and "||" should be primary (C) or postfix (C++) expressions

           Code Smell
        55. Boolean operations should not have numeric operands, and vice versa

           Bug
        56. Limited dependence should be placed on operator precedence

           Code Smell
        57. Objects with integer type should not be converted to objects with pointer type

           Bug
        58. A cast shall not remove any const or volatile qualification from the type of a pointer or reference

           Code Smell
        59. Pointer conversions should be restricted to a safe subset

           Bug
        60. Function pointers should not be converted to any other type

           Bug
        61. Constants of unsigned type should have a "U" suffix

           Code Smell
        62. Results of ~ and << operations on operands of underlying types unsigned char and unsigned short should immediately be cast to the operand's underlying type

           Bug
        63. The value of a complex expression should only be cast to a type that is narrower and of the same signedness as the underlying type of the expression

           Code Smell
        64. Signed and unsigned types should not be mixed in expressions

           Code Smell
        65. "enum" members with implicit values should not collide with other enumerators

           Code Smell
        66. Variables should be initialized before use

           Bug
        67. Braces should be used to indicate and match the structure in the non-zero initialization of arrays and structures

           Code Smell
        68. Array declarations should include an explicit size specification

           Code Smell
        69. If a function has internal linkage then all re-declarations shall include the static storage class specifer

           Code Smell
        70. Functions should not be declared at block scope

           Code Smell
        71. Object and function types should be explicitly stated in their declarations and definitions

           Code Smell
        72. Functions should be declared explicitly

           Code Smell
        73. Literal suffix "L" for long integers shall be upper case

           Code Smell
        74. String literals with different prefixes should not be concatenated

           Bug
        75. Bit fields should be declared with appropriate types

           Code Smell
        76. typedefs that indicate size and signedness should be used in place of the basic types

           Code Smell
        77. Appropriate char types should be used for character and integer values

           Code Smell
        78. Identifiers should not be longer than 31 characters

           Code Smell
        79. Digraphs should not be used

           Code Smell
        80. Trigraphs should not be used

           Code Smell
        81. Only escape sequences defined in the ISO C standard should be used

           Bug
        82. All uses of the #pragma directive should be documented

           Code Smell
        83. Source code should only use /* ... */ style comments

           Code Smell
        84. Assembly language should be encapsulated and isolated

           Code Smell
        85. The first element of an array should not be accessed implicitly

           Code Smell
        86. A single L in a literal suffix should only be used for long values

           Code Smell
        87. Macro arguments should not contain preprocessing directives

           Bug
        88. Names of well-known C standard library macros and functions should not be used as identifiers

           Code Smell
        89. All the elements of an aggregate should be provided with an initial value

           Code Smell
        90. Variables should not be accessed outside of their scope

           Bug
        91. Hard-coded secrets are security-sensitive

           Security Hotspot
        92. "volatile" should not be used to qualify objects for which the meaning is not defined

           Bug
        93. "sprintf" should not be used

           Security Hotspot
        94. Changing working directories without verifying the success is security-sensitive

           Security Hotspot
        95. Multicharacter literals should not be used

           Code Smell
        96. Loop variables should be declared in the minimal possible scope

           Code Smell
        97. Setting capabilities is security-sensitive

           Security Hotspot
        98. Accessing files should not introduce TOCTOU vulnerabilities

           Vulnerability
        99. Account validity should be verified when authenticating users with PAM

           Vulnerability
        100. Macros should not be used as replacements for "typedef" and "using"

           Code Smell
        101. Using "tmpnam", "tmpnam_s" or "tmpnam_r" is security-sensitive

           Security Hotspot
        102. Using "strncpy" or "wcsncpy" is security-sensitive

           Security Hotspot
        103. Using "strncat" or "wcsncat" is security-sensitive

           Security Hotspot
        104. Using "strcat" or "wcscat" is security-sensitive

           Security Hotspot
        105. Using "strlen" or "wcslen" is security-sensitive

           Security Hotspot
        106. Changing directories improperly when using "chroot" is security-sensitive

           Security Hotspot
        107. Using "strcpy" or "wcscpy" is security-sensitive

           Security Hotspot
        108. "memset" should not be used to delete sensitive data

           Vulnerability
        109. POSIX functions should not be called with arguments that trigger buffer overflows

           Vulnerability
        110. Relational and subtraction operators should not be used with pointers to different arrays

           Bug
        111. Track comments matching a regular expression

           Code Smell
        112. Arguments evaluation order should not be relied on

           Bug
        113. Cipher algorithms should be robust

           Vulnerability
        114. Encryption algorithms should be used with secure mode and padding scheme

           Vulnerability
        115. Functions that are not used in a project should be removed

           Code Smell
        116. Server hostnames should be verified during SSL/TLS connections

           Vulnerability
        117. "#pragma pack" should be used correctly

           Bug
        118. Size of bit fields should not exceed the size of their types

           Code Smell
        119. Enums should be consistent with the bit fields they initialize

           Bug
        120. "pthread_mutex_t" should be unlocked in the reverse order they were locked

           Bug
        121. Only valid arguments should be passed to UNIX/POSIX functions

           Code Smell
        122. "pthread_mutex_t" should be properly initialized and destroyed

           Bug
        123. "pthread_mutex_t" should not be locked when already locked, or unlocked when already unlocked

           Bug
        124. Only valid arguments should be passed to stream functions

           Code Smell
        125. Using publicly writable directories is security-sensitive

           Security Hotspot
        126. "^" should not be confused with exponentiation

           Code Smell
        127. Pointer and reference local variables should be "const" if the corresponding object is not modified

           Code Smell
        128. Using clear-text protocols is security-sensitive

           Security Hotspot
        129. Blocking functions should not be called inside critical sections

           Code Smell
        130. Return value of "setuid" family of functions should always be checked

           Code Smell
        131. GNU attributes should be used correctly

           Code Smell
        132. Format strings should comply with ISO standards

           Code Smell
        133. Size of variable length arrays should be greater than zero

           Code Smell
        134. Argument of "printf" should be a format string

           Code Smell
        135. "mktemp" family of functions templates should have at least six trailing "X"s

           Code Smell
        136. Unevaluated operands should not have side effects

           Code Smell
        137. Size argument of memory functions should be consistent

           Code Smell
        138. Return value of "nodiscard" functions should not be ignored

           Code Smell
        139. Implicit casts should not lower precision

           Code Smell
        140. Appropriate size arguments should be passed to "strncat" and "strlcpy"

           Code Smell
        141. Functions which do not return should be declared as "noreturn"

           Code Smell
        142. User-defined types should not be passed as variadic arguments

           Bug
        143. Functions with "noreturn" attribute should not return

           Bug
        144. Keywords shall not be used as macros identifiers

           Code Smell
        145. Logical operators should not be confused with bitwise operators

           Code Smell
        146. Dereferenced null pointers should not be bound to references

           Code Smell
        147. "else" statements should be clearly matched with an "if"

           Code Smell
        148. Header guards should be followed by a matching "#define" macro

           Code Smell
        149. Expanding archive files without controlling resource consumption is security-sensitive

           Security Hotspot
        150. "memcmp" should only be called with pointers to trivially copyable types with no padding

           Bug
        151. Server certificates should be verified during SSL/TLS connections

           Vulnerability
        152. Using weak hashing algorithms is security-sensitive

           Security Hotspot
        153. "default" clauses should be first or last

           Code Smell
        154. Cryptographic keys should be robust

           Vulnerability
        155. Weak SSL/TLS protocols should not be used

           Vulnerability
        156. Include directives should not rely on non-portable search strategy

           Code Smell
        157. Array values should not be replaced unconditionally

           Bug
        158. A conditionally executed single line should be denoted by indentation

           Code Smell
        159. Conditionals should start on new lines

           Code Smell
        160. Integral operations should not overflow

           Bug
        161. "case" ranges should cover multiple values

           Code Smell
        162. "case" ranges should not be empty

           Bug
        163. All branches in a conditional structure should not have exactly the same implementation

           Bug
        164. Parameter values should be appropriate

           Bug
        165. "#include" paths should be portable

           Code Smell
        166. "#import" should not be used

           Code Smell
        167. Cognitive Complexity of functions should not be too high

           Code Smell
        168. Macros should not be redefined

           Code Smell
        169. "#include_next" should not be used

           Code Smell
        170. Array indices should be placed between brackets

           Code Smell
        171. String literals should not be concatenated implicitly

           Code Smell
        172. GNU extensions should not be used

           Code Smell
        173. Declaration specifiers should not be redundant

           Bug
        174. Local variables and member data should not be volatile

           Code Smell
        175. Types and variables should be declared in separate statements

           Code Smell
        176. Stack allocated memory and non-owned memory should not be freed

           Bug
        177. Closed resources should not be accessed

           Bug
        178. Dynamically allocated memory should be released

           Bug
        179. "switch" statements should cover all cases

           Code Smell
        180. Freed memory should not be used

           Bug
        181. Memory locations should not be released more than once

           Bug
        182. Memory access should be explicitly bounded to prevent buffer overflows

           Bug
        183. Zero should not be a possible denominator

           Bug
        184. Redundant pointer operator sequences should be removed

           Code Smell
        185. Empty "case" clauses that fall through to the "default" should be omitted

           Code Smell
        186. Format strings should be used correctly

           Code Smell
        187. Conditional operators should not be nested

           Code Smell
        188. Forward declarations should not be redundant

           Code Smell
        189. Label names should comply with a naming convention

           Code Smell
        190. "sizeof" should not be called on pointers

           Bug
        191. Bit fields should not be used

           Code Smell
        192. Unary prefix operators should not be repeated

           Bug
        193. Non-existent operators like "=+" should not be used

           Bug
        194. XML parsers should not be vulnerable to XXE attacks

           Vulnerability
        195. Declarations should not be empty

           Code Smell
        196. Values of different "enum" types should not be compared

           Bug
        197. Multiline blocks should be enclosed in curly braces

           Code Smell
        198. Increment should not be used to set boolean variables to 'true'

           Code Smell
        199. The "sizeof" and "alignof" operator should not be used with operands of a "void" type

           Bug
        200. "nonnull" parameters and return values of "returns_nonnull" functions should not be null

           Bug
        201. Setting loose POSIX file permissions is security-sensitive

           Security Hotspot
        202. Conditionally executed code should be reachable

           Bug
        203. Control characters should not be used in literals

           Code Smell
        204. The "<stdlib.h>" functions "bsearch" and "qsort" should not be used

           Bug
        205. Enumeration values should comply with a naming convention

           Code Smell
        206. Enumeration names should comply with a naming convention

           Code Smell
        207. Octal and hexadecimal escape sequences should be terminated

           Code Smell
        208. Flexible array members should not be declared

           Code Smell
        209. Line-splicing should not be used in "//" comments

           Bug
        210. Printf-style format strings should not lead to unexpected behavior at runtime

           Bug
        211. Track parsing failures

           Code Smell
        212. Null pointers should not be dereferenced

           Bug
        213. User-specified functions should not be called

           Code Smell
        214. Using pseudorandom number generators (PRNGs) is security-sensitive

           Security Hotspot
        215. Parameters should be passed in the correct order

           Code Smell
        216. Single-bit named bit fields should not be of a signed type

           Bug
        217. "for" loop counters should not have essentially floating type

           Bug
        218. Recursion should not be infinite

           Bug
        219. Values should not be uselessly incremented

           Bug
        220. Resources should be closed

           Bug
        221. Hard-coded passwords are security-sensitive

           Security Hotspot
        222. Comment styles "//" and "/* ... */" should not be mixed within a file

           Code Smell
        223. Line continuation characters '\' should not be followed by trailing whitespace

           Bug
        224. Preprocessor directives should not be indented

           Code Smell
        225. Track instances of the "#error" preprocessor directive being reached

           Code Smell
        226. "sizeof(sizeof(...))" should not be used

           Bug
        227. Non-reentrant POSIX functions should be replaced with their reentrant versions

           Code Smell
        228. Obsolete POSIX functions should not be used

           Code Smell
        229. "goto" statements should not be used to jump into blocks

           Code Smell
        230. Redundant casts should not be used

           Code Smell
        231. "union" names should comply with a naming convention

           Code Smell
        232. Code annotated as deprecated should not be used

           Code Smell
        233. Two branches in a conditional structure should not have exactly the same implementation

           Code Smell
        234. Related "if/else if" statements should not have the same condition

           Bug
        235. Unused assignments should be removed

           Code Smell
        236. "restrict" should not be used

           Code Smell
        237. "static" should not be used for the size of an array parameter

           Code Smell
        238. "switch" statements should not be nested

           Code Smell
        239. Structures should not have too many fields

           Code Smell
        240. The ternary operator should not be used

           Code Smell
        241. Constants should come first in equality tests

           Code Smell
        242. The sign of an unsigned variable should not be tested

           Code Smell
        243. Pointers should not be cast to integral types

           Bug
        244. Identical expressions should not be used on both sides of a binary operator

           Bug
        245. All code should be reachable

           Bug
        246. "#pragma warning (default: ...)" should not be used

           Code Smell
        247. Pre-defined macros should not be defined, redefined or undefined

           Code Smell
        248. Keywords introduced in later specifications should not be used as identifiers

           Code Smell
        249. Loops with at most one iteration should be refactored

           Bug
        250. Type specifiers should be listed in a standard order

           Code Smell
        251. Track "TODO" and "FIXME" comments that do not contain a reference to a person

           Code Smell
        252. The prefix increment/decrement form should be used

           Code Smell
        253. Multiple variables should not be declared on the same line

           Code Smell
        254. Variables should not be self-assigned

           Bug
        255. "struct" names should comply with a naming convention

           Code Smell
        256. File names should comply with a naming convention

           Code Smell
        257. Macro names should comply with a naming convention

           Code Smell
        258. Cyclomatic Complexity of functions should not be too high

           Code Smell
        259. Unused local variables should be removed

           Code Smell
        260. "switch" statements should not have too many "case" clauses

           Code Smell
        261. Track lack of copyright and license headers

           Code Smell
        262. Comments should not be located at the end of lines of code

           Code Smell
        263. Functions/methods should not have too many lines

           Code Smell
        264. Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply

           Code Smell
        265. Octal values should not be used

           Code Smell
        266. Using hardcoded IP addresses is security-sensitive

           Security Hotspot
        267. "switch" statements should have "default" clauses

           Code Smell
        268. "if" statements should be preferred over "switch" when simpler

           Code Smell
        269. Track uses of "NOSONAR" comments

           Code Smell
        270. Switch cases should end with an unconditional "break" statement

           Code Smell
        271. "for" loop stop conditions should be invariant

           Code Smell
        272. A "while" loop should be used instead of a "for" loop

           Code Smell
        273. "if ... else if" constructs should end with "else" clauses

           Code Smell
        274. "typedef" should be used for function pointers

           Code Smell
        275. Sections of code should not be commented out

           Code Smell
        276. Floating point numbers should not be tested for equality

           Bug
        277. break statements should not be used except for switch cases

           Code Smell
        278. Function parameters' initial values should not be ignored

           Bug
        279. Statements should be on separate lines

           Code Smell
        280. "switch" statements should not contain non-case labels

           Code Smell
        281. Control structures should use curly braces

           Code Smell
        282. Nested code blocks should not be used

           Code Smell
        283. Deprecated K&R syntax should not be used for function definition

           Code Smell
        284. Methods should not be empty

           Code Smell
        285. Unused function parameters should be removed

           Code Smell
        286. Local variable and function parameter names should comply with a naming convention

           Code Smell
        287. Field names should comply with a naming convention

           Code Smell
        288. "switch case" clauses should not have too many lines of code

           Code Smell
        289. Unused functions and methods should be removed

           Code Smell
        290. Functions should not contain too many return statements

           Code Smell
        291. Track uses of "TODO" tags

           Code Smell
        292. Track uses of "FIXME" tags

           Code Smell
        293. Deprecated code should be removed

           Code Smell
        294. Lines should not end with trailing whitespaces

           Code Smell
        295. Files should end with a newline

           Code Smell
        296. Deprecated attributes should include explanations

           Code Smell
        297. Assignments should not be made from within conditions

           Code Smell
        298. Variables should not be shadowed

           Code Smell
        299. Empty statements should be removed

           Code Smell
        300. Redundant pairs of parentheses should be removed

           Code Smell
        301. "/*" and "//" should not be used within comments

           Code Smell
        302. Magic numbers should not be used

           Code Smell
        303. Insecure functions should not be used

           Vulnerability
        304. Nested blocks of code should not be left empty

           Code Smell
        305. "scanf()" and "fscanf()" format strings should specify a field width for the "%s" string placeholder

           Vulnerability
        306. Functions should not have too many parameters

           Code Smell
        307. Expressions should not be too complex

           Code Smell
        308. Mergeable "if" statements should be combined

           Code Smell
        309. Unused labels should be removed

           Code Smell
        310. Tabulation characters should not be used

           Code Smell
        311. Files should not have too many lines of code

           Code Smell
        312. Control should not be transferred into a complex logic block using a "goto" or a "switch" statement

           Code Smell
        313. Lines should not be too long

           Code Smell
        314. A function should have a single point of exit at the end of the function

           Code Smell
        315. Function names should comply with a naming convention

           Code Smell

        Memory access should be explicitly bounded to prevent buffer overflows

        intentionality - logical
        reliability
        Bug
        • cwe
        • symbolic-execution
        • cert

        Memory accesses should be bounded to prevent buffer overflows.

        Why is this an issue?

        What is the potential impact?

        How can I fix it?

        More Info

        Array overruns and buffer overflows occur when a memory access accidentally goes beyond the boundary of the allocated array or buffer.

        These overreaching accesses cause some of the most damaging and hard to track defects. Not only do these faulty accesses constitute undefined behavior, but they frequently introduce security vulnerabilities, too.

          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use