...
| Code Block | ||||
|---|---|---|---|---|
| ||||
int si;
if (argc > 1) {
si = atoi(argv[1]);
}
| ||||
The atoi(), atol(), and atoll() functions convert the initial portion of a string token to int, long int, and long long int representation respectively. Except for the behavior on error, they are equivalent as follows:
...
- Do not need to set
errnoon an error. - Have undefined BB. Definitions#undefined behavior if the value of the result cannot be represented. (See undefined behavior CC. Undefined Behavior#ub_119 of Annex J of the C Standard.)
- Return 0 if the string does not represent an integer (which is indistinguishable from a correctly formatted, zero-denoting input string), but the C Standard only specifies the behavior of these functions on success.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
long sl;
int si;
char *end_ptr;
if (argc > 1) {
errno = 0;
sl = strtol(argv[1], &end_ptr, 10);
if ((sl == LONG_MIN || sl == LONG_MAX)
&& errno != 0)
{
perror("strtol error");
}
else if (end_ptr == argv[1]) {
if (puts("error encountered during conversion") == EOF) {
/* Handle error */
}
}
else if (sl > INT_MAX) {
printf("%ld too large!\n", sl);
}
else if (sl < INT_MIN) {
printf("%ld too small!\n", sl);
}
else if ('\0' != *end_ptr) {
if (puts("extra characters on input line\n") == EOF) {
/* Handle error */
}
}
else {
si = (int)sl;
}
}
| ||||
Both the noncompliant code example and the compliant solution are taken from INT06-C. Use strtol() or a related function to convert a string token to an integer.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
char *file_name;
FILE *fp;
/* Initialize file_name */
fp = fopen(file_name, "r");
if (fp == NULL) {
/* Handle open error */
}
/* Read data */
rewind(fp);
/* Continue */
| ||||
It is impossible to determine if rewind() succeeded.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
char *file_name;
FILE *fp;
/* Initialize file_name */
fp = fopen(file_name, "r");
if (fp == NULL) {
/* Handle open error */
}
/* Read data */
if (fseek(fp, 0L, SEEK_SET) != 0) {
/* Handle repositioning error */
}
/* Continue */
| ||||
Noncompliant Code Example (setbuf())
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| FILE *file;
/* Setup file */
setbuf(file, NULL);
/* ... */
||||||
It is not possible to determine if the call to setbuf() succeeded.
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| FILE *file;
char *buf = NULL;
/* Setup file */
if (setvbuf(file, buf, buf ? _IOFBF : _IONBF, BUFSIZ) != 0) {
/* Handle error */
}
/* ... */
||||||
Risk Assessment
Although it is rare for a violation of this rule to result in a security vulnerability BB. Definitions#vulnerability, it can easily result in lost or misinterpreted data.
...
Bibliography
| [Klein 2002AA. Bibliography#Klein 02] | "Bullet Proof Integer Input Using strtol()" |
...