...
Functions in the first column of the following table are hereby defined to be obsolescent functions. To remediate invocations of obsolescent functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative non-obsolescent functions.
Obsolescent | Recommended | Rationale |
|---|---|---|
|
| Non-reentrant |
|
| No error detection |
|
| No error detection |
|
| No error detection |
|
| No error detection |
|
| Non-reentrant |
|
| No exclusive access to file |
|
| No exclusive access to file |
|
| No error detection |
|
| No error detection |
The atof, and (), atoi(), atol()atoll functions are obsolescent because the ()strtod(), strtof(), strtol(), strtold(), strtoll(), strtoul(), and strtoull functions can emulate their usage and have more robust error handling capabilities. See INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs.()
...
The following are hereby defined to be unchecked obsolescent functions:
|
|
|
|
| |||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
To remediate invocations of unchecked obsolescent functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative nonobsolescent functions from C11, Annex K:
|
|
|
|
| ||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
or alternative nonobsolescent functions from ISO/IEC TR 24731-2, Extensions to the C Library—Part II: Dynamic Allocation Functions [ISO/IEC TR 24731-2]:
|
|
|
|
|
|
|
|
|
|
|
|
|
Noncompliant Code Example
...
The deprecated and obsolescent functions enumerated in this guideline are commonly associated with software vulnerabilities.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC24-C | High | Probable | Medium | P12 | L1 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| stdlib-use-ato stdlib-macro-ato stdlib-use-atoll stdlib-macro-atoll | Partially checked | ||||||
| CodeSonar |
| BADFUNC.* | A number of CodeSonar's "Use of *" checks are for deprecated/obsolescent functions | ||||||
| CC2.MSC34 | Fully implemented | |||||||
| LDRA tool suite |
| 44 S | Fully implemented | ||||||
| Parasoft C/C++test |
|
|
| MISRA2012-RULE-21_{7,8}, SECURITY-07, SECURITY-12 |
| Polyspace Bug Finder | R2016a | Use of obsolete standard function | Obsolete routines can cause security vulnerabilities and portability issues | ||||||
| RuleChecker |
| stdlib-use-ato stdlib-macro-ato stdlib-use-atoll stdlib-macro-atoll | Partially checked | ||||||
| PVS-Studio | 6.22 | V513, V2001, V2002 | General analysis and Customer specific rule sets |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| CERT C Secure Coding Standard | ERR07-C. Prefer functions that support error checking over equivalent functions that don't |
| ISO/IEC TR 24772 | Use of Libraries [TRJ] |
| MISRA C:2012 | Rule 21.3 (required) |
| MITRE CWE | CWE-20, Insufficient input validation |
Bibliography
| [Apple 2006] | Apple Secure Coding Guide, "Avoiding Race Conditions and Insecure File Operations" |
| [Burch 2006] | Specifications for Managed Strings, Second Edition |
| [Drepper 2006] | Section 2.2.1 "Identification When Opening" |
| [IEEE Std 1003.1:2013] | XSH, System Interfaces, open |
| ISO/IEC 23360-1:2006 |
| [ISO/IEC WG14 N1173] | Rationale for TR 24731 Extensions to the C Library Part I: Bounds-checking interfaces |
| [Klein 2002] | "Bullet Proof Integer Input Using strtol()" |
| [Linux 2008] | strtok(3) |
| [Seacord 2013] | Chapter 2, "Strings" Chapter 8, "File I/O" |
| [Seacord 2005b] | "Managed String Library for C, C/C++" |
...
...