 
                            ...
Alternatively, input character data as a null-terminated byte string and convert to an integer value using strtol() or a related function. (See recommendation INT06-C. Use strtol() or a related function to convert a string token to an integer.)
...
This compliant example uses the Linux scanf() implementation's built-in error handling to validate input. On Linux platforms, scanf() sets errno to ERANGE if the result of integer conversion cannot be represented within the size specified by the format string [Linux 2008]. Note that this is a platform-dependent solution. Therefore, it should be used only where portability is not a concern.
...
This compliant example uses fgets() to input a string and strtol() to convert the string to an integer. Error checking is provided to make sure that the value is a valid integer in the range of long.
...
Note that this solution treats any trailing characters, including whitespace characters, as an error condition.
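The fgets()/strtol() approach described above, written out as an added example; it is not the standard's own listing. The names parse_long_line, read_long and the status enum are assumptions made for illustration, and the sample lines in main() are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status codes for this example. */
enum parse_status { PARSE_OK, PARSE_NOT_NUMERIC, PARSE_OUT_OF_RANGE, PARSE_TRAILING };

/* Convert one input line (as returned by fgets) to a long. */
enum parse_status parse_long_line(const char *line, long *out) {
  char *end_ptr;
  long value;

  errno = 0;                     /* strtol() never clears errno itself */
  value = strtol(line, &end_ptr, 10);
  if (end_ptr == line) {
    return PARSE_NOT_NUMERIC;    /* no digits were consumed */
  }
  if (errno == ERANGE) {
    return PARSE_OUT_OF_RANGE;   /* result was clamped to LONG_MIN/LONG_MAX */
  }
  if (*end_ptr != '\n' && *end_ptr != '\0') {
    return PARSE_TRAILING;       /* anything after the number, spaces included */
  }
  *out = value;
  return PARSE_OK;
}

/* Read one line from stream and parse it; returns -1 on EOF or read error. */
/* A line longer than the buffer is split across successive calls. */
int read_long(FILE *stream, long *out, enum parse_status *status) {
  char buff[25];
  if (fgets(buff, sizeof(buff), stream) == NULL) {
    return -1;
  }
  *status = parse_long_line(buff, out);
  return 0;
}

int main(void) {
  /* Constructed sample lines, not taken from the page. */
  const char *samples[] = { "42\n", "-7", "12abc\n", "42 \n", "abc\n",
                            "99999999999999999999999999\n" };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    long v = 0;
    enum parse_status s = parse_long_line(samples[i], &v);
    printf("status=%d value=%ld\n", (int)s, v);
  }
  return 0;
}
```

Unlike scanf("%ld", ...), every failure mode here is reported through a distinct return value, so the caller never acts on an unconverted or clamped number.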
...
| Tool | Version | Checker | Description |
|---|---|---|---|
| Fortify SCA | V. 5.0 | | Can detect violations of this recommendation with the CERT C Rule Pack. |
| Compass/ROSE | | | Can detect violations of this recommendation. In particular, it notes uses of the |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
CERT C++ Secure Coding Standard: INT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputs
ISO/IEC 9899:2011 Section 7.22.1.4, "The strtol, strtoll, strtoul, and strtoull functions," and Section 7.21.6, "Formatted input/output functions"
MITRE CWE: CWE-192, "Integer coercion error"
MITRE CWE: CWE-197, "Numeric truncation error"
Bibliography
[Klein 2002]
 [Linux 2008] scanf(3)
...