Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This noncompliant code example uses the scanf() function to read a string from stdin and convert it to a long. The scanf() and fscanf() functions have undefined behavior if the value of the result of this operation cannot be represented as an integer.

...

This compliant example uses the Linux scanf() implementation's built-in error handling to validate input. On Linux platforms, scanf() sets errno to ERANGE if the result of integer conversion cannot be represented within the size specified by the format string [Linux 2008]. Note that this is a platform-dependent solution. Therefore, it should be used only where portability is not a concern.

...

Although it is relatively rare for a violation of this recommendation to result in a security vulnerability, it can easily result in lost or misinterpreted data.

...

Tool

Version

Checker

Description

Fortify SCA

V. 5.0

 

Can detect violations of this recommendation with the CERT C Rule Pack.

Compass/ROSE

 

 

Can detect violations of this recommendation. In particular, it notes uses of the scanf() family of functions where on the type specifier is a floating-point or integer type.

PRQA QA-C
Include Page
PRQA_V
PRQA_V
 Warncall for scanf etcFully implemented

Related Vulnerabilities

...

MITRE CWE: CWE-197, "Numeric truncation error"

Bibliography

[Klein 2002]
[Linux 2008] scanf(3)

...