CERT C: Rec. EXP16-C

Do not compare function pointers to constant values

Since R2026a

expand all in page

Description

Do not compare function pointers to constant values.¹

Polyspace Implementation

The rule checker checks for Function pointer compared to constant value.

Examples

expand all

Function pointer compared to constant value

Issue

The issue occurs if the code compares the value of a function pointer to:

A non-null constant
A null constant with a type different from the exact function pointer type or void*

In this definition, a null constant is any constant value that represents a null pointer. Typical values include:

0
NULL
(void *)0
A casted zero such as (return_type (*)(args))0

A non-null constant is any constant value other than 0 or NULL.

The comparison can be explicit using operators such as ==, !=, <, <=, >, and >= or implicit using constructs such as if (fct_ptr), while (fct_ptr), do ... while(fct_ptr), or (fct_ptr) ? X : Y).

Polyspace does not report a violation if the function pointer is explicitly cast, or if the function pointer is compared to a variable, a const variable, or a function call. No violation is raised for comparisons using the address of the function pointer.

Risk

Function pointers in C represent the addresses of functions in memory. Comparing a function pointer to a constant, such as 0 or NULL, in a way that does not account for type correctness always yields the same result regardless of program logic because function addresses are never zero in standard-conforming implementations.

Such a comparison can result in unexpected behavior or security vulnerabilities.

Fix

This issue can happen due to a programmer error, such as missing open and close parentheses, which results in using a pointer to the function instead of the intended function call.

In some situations, the correct approach is to compare function pointers only to a null pointer of the same type.

Example — Comparison of Function Pointer to Null Constant

In this example, func_ptr is compared to 0 using the explicit comparison !=.

#include <stdio.h>

void my_function(void) {
    printf("Hello\n");
}

int main(void) {
    void (*func_ptr)(void) = my_function;

    if (func_ptr != 0) {    // Noncompliant
        func_ptr();
    }

    return 0;
}

Correction — Compare to Null Function Pointer of Same Type

You can fix this issue by using an explicit cast to compare func_ptr to a null function pointer of the same type.

#include <stdio.h>

void my_function(void) {
    printf("Hello\n");
}

int main(void) {
    void (*func_ptr)(void) = my_function;

    if (func_ptr != (void (*)(void))NULL) {	// Compliant
        func_ptr();
    }

    return 0;
}

Check Information

Group: Rec. 03. Expressions (EXP)

PQL Name: std.cert.EXP16_C

Version History

Introduced in R2026a

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.