SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C

C static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C code

  • All rules 315
  • Vulnerability13
  • Bug76
  • Security Hotspot19
  • Code Smell207

  • Quick Fix 19
 
Tags
    Impact
      Clean code attribute
        1. "abort", "exit", "getenv" and "system" from <stdlib.h> should not be used

           Bug
        2. "atof", "atoi" and "atol" from <stdlib.h> should not be used

           Bug
        3. "<signal.h>" should not be used

           Bug
        4. Dynamic heap memory allocation should not be used

           Bug
        5. Lines starting with "#" should contain valid preprocessing directives

           Bug
        6. Macros used in preprocessor directives should be defined before use

           Bug
        7. Function-like macros should not be invoked without all of their arguments

           Bug
        8. "#include" directives should be followed by either <filename> or "filename" sequences

           Bug
        9. Non-standard characters should not occur in header file names in "#include" directives

           Bug
        10. The address of an automatic object should not be assigned to another object that may persist after the first object has ceased to exist

           Bug
        11. Function exit paths should have appropriate return values

           Bug
        12. The number of arguments passed to a function should match the number of parameters

           Bug
        13. Evaluation of the operand to the sizeof operator shall not contain side effects

           Bug
        14. Non-empty statements should change control flow or have at least one side-effect

           Bug
        15. Unary minus should not be applied to an unsigned expression

           Bug
        16. Bitwise operators should not be applied to signed operands

           Bug
        17. Boolean operations should not have numeric operands, and vice versa

           Bug
        18. Objects with integer type should not be converted to objects with pointer type

           Bug
        19. Pointer conversions should be restricted to a safe subset

           Bug
        20. Function pointers should not be converted to any other type

           Bug
        21. Results of ~ and << operations on operands of underlying types unsigned char and unsigned short should immediately be cast to the operand's underlying type

           Bug
        22. Variables should be initialized before use

           Bug
        23. String literals with different prefixes should not be concatenated

           Bug
        24. Only escape sequences defined in the ISO C standard should be used

           Bug
        25. Macro arguments should not contain preprocessing directives

           Bug
        26. Variables should not be accessed outside of their scope

           Bug
        27. "volatile" should not be used to qualify objects for which the meaning is not defined

           Bug
        28. Relational and subtraction operators should not be used with pointers to different arrays

           Bug
        29. Arguments evaluation order should not be relied on

           Bug
        30. "#pragma pack" should be used correctly

           Bug
        31. Enums should be consistent with the bit fields they initialize

           Bug
        32. "pthread_mutex_t" should be unlocked in the reverse order they were locked

           Bug
        33. "pthread_mutex_t" should be properly initialized and destroyed

           Bug
        34. "pthread_mutex_t" should not be locked when already locked, or unlocked when already unlocked

           Bug
        35. User-defined types should not be passed as variadic arguments

           Bug
        36. Functions with "noreturn" attribute should not return

           Bug
        37. "memcmp" should only be called with pointers to trivially copyable types with no padding

           Bug
        38. Array values should not be replaced unconditionally

           Bug
        39. Integral operations should not overflow

           Bug
        40. "case" ranges should not be empty

           Bug
        41. All branches in a conditional structure should not have exactly the same implementation

           Bug
        42. Parameter values should be appropriate

           Bug
        43. Declaration specifiers should not be redundant

           Bug
        44. Stack allocated memory and non-owned memory should not be freed

           Bug
        45. Closed resources should not be accessed

           Bug
        46. Dynamically allocated memory should be released

           Bug
        47. Freed memory should not be used

           Bug
        48. Memory locations should not be released more than once

           Bug
        49. Memory access should be explicitly bounded to prevent buffer overflows

           Bug
        50. Zero should not be a possible denominator

           Bug
        51. "sizeof" should not be called on pointers

           Bug
        52. Unary prefix operators should not be repeated

           Bug
        53. Non-existent operators like "=+" should not be used

           Bug
        54. Values of different "enum" types should not be compared

           Bug
        55. The "sizeof" and "alignof" operator should not be used with operands of a "void" type

           Bug
        56. "nonnull" parameters and return values of "returns_nonnull" functions should not be null

           Bug
        57. Conditionally executed code should be reachable

           Bug
        58. The "<stdlib.h>" functions "bsearch" and "qsort" should not be used

           Bug
        59. Line-splicing should not be used in "//" comments

           Bug
        60. Printf-style format strings should not lead to unexpected behavior at runtime

           Bug
        61. Null pointers should not be dereferenced

           Bug
        62. Single-bit named bit fields should not be of a signed type

           Bug
        63. "for" loop counters should not have essentially floating type

           Bug
        64. Recursion should not be infinite

           Bug
        65. Values should not be uselessly incremented

           Bug
        66. Resources should be closed

           Bug
        67. Line continuation characters '\' should not be followed by trailing whitespace

           Bug
        68. "sizeof(sizeof(...))" should not be used

           Bug
        69. Related "if/else if" statements should not have the same condition

           Bug
        70. Pointers should not be cast to integral types

           Bug
        71. Identical expressions should not be used on both sides of a binary operator

           Bug
        72. All code should be reachable

           Bug
        73. Loops with at most one iteration should be refactored

           Bug
        74. Variables should not be self-assigned

           Bug
        75. Floating point numbers should not be tested for equality

           Bug
        76. Function parameters' initial values should not be ignored

           Bug

        "abort", "exit", "getenv" and "system" from <stdlib.h> should not be used

        consistency - conventional
        reliability
        Bug
        • cert
        • misra-c++2008
        • misra-c2004
        • misra-c2012

        Why is this an issue?

        More Info

        <stdlib.h>'s abort, exit, getenv, and system have implementation-defined behaviors, and should therefore be avoided.

        Noncompliant code example

        #include <stdlib.h>
        
        void f( ) {
          exit(0); // Noncompliant
        }
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use