...
```c
#include <stdio.h>
/* ... */
mytypedef_t x;
/* ... */
if (scanf("%llu", &x) != 1) {
  /* handle error */
}
```
This noncompliant code example can result in a buffer overflow if the size of mytypedef_t is smaller than unsigned long long, or it might result in an incorrect value if the size of mytypedef_t is larger than unsigned long long.
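The hardened form of the read above, as an added example that is not code from the original page: the value is parsed into a uintmax_t with the matching "%ju" conversion (so the object scanf() writes to always has the width the format expects), then range-checked before it is narrowed to the programmer-defined type. The typedef as unsigned short, the MYTYPEDEF_MAX limit and the helper names are assumptions made for this example; sscanf() on a constructed string stands in for scanf() on stdin so the code runs offline.

```c
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <limits.h>
#include <stdbool.h>

/* Assumed for this example: the programmer-defined type is 16 bits wide,
 * i.e. smaller than unsigned long long, which is exactly the case where
 * scanf("%llu", &x) overruns x. */
typedef unsigned short mytypedef_t;
#define MYTYPEDEF_MAX USHRT_MAX

/* Parse `input` into *out. Returns false if the text is not an unsigned
 * integer or if the value does not fit in mytypedef_t. The scanf target is
 * a uintmax_t, whose width always matches the "%ju" conversion, so the
 * write can never exceed the object regardless of how mytypedef_t is defined. */
bool parse_mytypedef(const char *input, mytypedef_t *out) {
    uintmax_t tmp;
    if (sscanf(input, "%ju", &tmp) != 1) {
        return false;               /* not a number at all */
    }
    if (tmp > (uintmax_t)MYTYPEDEF_MAX) {
        return false;               /* would be truncated on narrowing */
    }
    *out = (mytypedef_t)tmp;        /* safe: range already checked */
    return true;
}

/* Convenience wrapper: the parsed value, or -1 on any failure. */
long parse_or_minus_one(const char *input) {
    mytypedef_t v;
    return parse_mytypedef(input, &v) ? (long)v : -1L;
}

int main(void) {
    /* Constructed sample inputs, not data from the original page. */
    const char *samples[] = { "42", "65535", "65536", "-1", "abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-8s -> %ld\n", samples[i], parse_or_minus_one(samples[i]));
    }
    return 0;
}
```

Note that "%u"-style conversions accept a leading minus sign, so "-1" parses as UINTMAX_MAX; the range check rejects it rather than silently storing a wrapped value. Inputs beyond the range of uintmax_t are undefined behaviour for scanf() itself and should be bounded by a field width or rejected before conversion.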
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
INT15-A | high | unlikely | medium | P6 | L2 |
Automated Detection
The tool Compass/ROSE can catch violations of this rule by scanning calls to the printf() and scanf() family of functions. For each such call, any argument that corresponds to a "%d" qualifier (or any qualifier other than "%j") and whose variable is not one of the built-in types (char, short, int, long, long long) indicates a violation of this rule.
...