...

To remediate invocations of unchecked Obsolete functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative non-Obsolete functions from ISO/IEC TR 24731 (Part I):

abort_handler_s
bsearch_s
fprintf_s
freopen_s
fscanf_s
fwprintf_s
fwscanf_s
getenv_s
gets_s
gmtime_s
ignore_handler_s
localtime_s
mbsrtowcs_s
mbstowcs_s
memcpy_s
memmove_s
printf_s
qsort_s
scanf_s
set_constraint_handler_s
snprintf_s
snwprintf_s
sprintf_s
sscanf_s
strcat_s
strcpy_s
strerror_s
strerrorlen_s
strncat_s
strncpy_s
strnlen_s
strtok_s
swprintf_s
swscanf_s
vfprintf_s
vfscanf_s
vfwprintf_s
vfwscanf_s
vprintf_s
vscanf_s
vsnprintf_s
vsnwprintf_s
vsprintf_s
vsscanf_s
vswprintf_s
vswscanf_s
vwprintf_s
vwscanf_s
wcrtomb_s
wcrtoms_s
wcscat_s
wcscpy_s
wcsncat_s
wcsncpy_s
wcsnlen_s
wcsrtombs_s
wcstok_s
wcstombs_s
wctomb_s
wmemcpy_s
wmemmove_s
wprintf_s
wscanf_s

or alternative non-Obsolete functions from ISO/IEC TR 24731-2:2010 (Part II):

asprintf
aswprintf
fmemopen
fscanf
fwscanf
getdelim
getline
getwdelim
getwline
open_memstream
open_wmemstream
strdup
strndup

 

...

[Burch 2006]
[CERT 2006c]
[Seacord 2005a] Chapter 2, "Strings"

Bibliography

[Apple 2006] Apple Secure Coding Guide, "Avoiding Race Conditions and Insecure File Operations"
[CERT C Secure Coding Standard 2010] "MSC34-C. Do not use deprecated or obsolete functions", "FIO01-C. Be careful using functions that use file names for identification", "FIO07-C. Prefer fseek() to rewind()", "FIO12-C. Prefer setvbuf() to setbuf()", "INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs", "INT06-C. Use strtol() or a related function to convert a string token to an integer", "STR06-C. Do not assume that strtok() leaves the parse string unchanged", "STR07-C. Use TR 24731 for remediation of existing string manipulation code"
[Drepper 2006] Section 2.2.1 "Identification When Opening"
[Klein 2002]
[Linux 2007] strtok(3)
[Open Group 2004] "The open function"
[Seacord 2005a] Chapter 2, "Strings," and Chapter 7, "File I/O"
[Seacord 2005b]

...