Versions Compared

Comment: Added CodeSonar row to "Automated Detection" table

...

It is rare for a violation of this rule to result in a security vulnerability unless it occurs in security-sensitive code. However, violations of this rule can easily result in lost or misinterpreted data. 

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ERR62-CPP | Medium | Unlikely | Medium | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Clang | Clang_39_V | cert-err34-c | Checked by clang-tidy; only identifies use of unsafe C Standard Library functions corresponding to ERR34-C |
| CodeSonar | CodeSonar_V | BADFUNC.ATOF | Use of atof |
| | | BADFUNC.ATOI | Use of atoi |
| | | BADFUNC.ATOF | Use of atol |
| | | BADFUNC.ATOF | Use of atoll |
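
The functions named in the CodeSonar row (atof, atoi, atol, atoll) have no way to report a failed conversion, which is how data ends up lost or misinterpreted. The following added example, which is not taken from the CERT page, contrasts atoi with a checked conversion built on strtol; `Conv`, `parse_int` and `parse_int_unchecked` are hypothetical names, the sample strings are constructed, and a 32-bit `int` is assumed.

```cpp
#include <cerrno>
#include <climits>
#include <cstdio>
#include <cstdlib>

// Hypothetical names for this example; not part of the CERT page.
enum class Conv { Ok, NoDigits, TrailingChars, OutOfRange };

// Checked conversion: strtol exposes the failures that atoi hides.
// 'out' is written only when the whole string is a representable int.
Conv parse_int(const char *text, int &out) {
    char *end = nullptr;
    errno = 0;  // strtol sets errno on overflow but never clears it
    const long value = std::strtol(text, &end, 10);
    if (end == text)
        return Conv::NoDigits;       // nothing converted: "", "abc"
    if (errno == ERANGE || value < INT_MIN || value > INT_MAX)
        return Conv::OutOfRange;     // too large for long, or for int
    if (*end != '\0')
        return Conv::TrailingChars;  // "12abc": only a prefix was numeric
    out = static_cast<int>(value);
    return Conv::Ok;
}

// The flagged pattern: a failed conversion looks like a legitimate value.
// (Never called here with an out-of-range string; that is undefined behavior.)
int parse_int_unchecked(const char *text) { return std::atoi(text); }

int main() {
    // Constructed sample inputs.
    const char *samples[] = {"42", "0", "abc", "12abc", "99999999999999999999"};
    for (const char *s : samples) {
        int v = 0;
        const Conv st = parse_int(s, v);
        std::printf("%-22s status=%d value=%d\n", s, static_cast<int>(st), v);
    }
    // atoi returns 0 for both "0" and "abc", and 12 for "12abc".
    std::printf("atoi: %d %d %d\n", parse_int_unchecked("0"),
                parse_int_unchecked("abc"), parse_int_unchecked("12abc"));
    return 0;
}
```
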

Related Vulnerabilities

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[ISO/IEC 9899:1999] Subclause 7.22.1, "Numeric conversion functions"; Subclause 7.21.6, "Formatted input/output functions"
[ISO/IEC 14882-2014] Subclause 22.4.2.1.1, "num_get members"; Subclause 27.7.2.2, "Formatted input functions"

...


...