...

  • do not need to set errno on an error.
  • have undefined behavior if the value of the result cannot be represented. (See undefined behavior 113 of Annex J of C99.)
  • some implementations return 0 if the string does not represent an integer (which is indistinguishable from a correctly formatted, zero-denoting input string), but C99 only specifies the behavior of these functions on success.

See also rule MSC34-C. Do not use deprecated or obsolescent functions.

...

Both the non-compliant code example and compliant solution are taken from recommendation INT06-C. Use strtol() or a related function to convert a string token to an integer.

...

char *file_name;
FILE *fp;

/* initialize file_name */

fp = fopen(file_name, "r");
if (fp == NULL) {
  /* Handle open error */
}

/* read data */

if (fseek(fp, 0L, SEEK_SET) != 0) {
  /* Handle repositioning error */
}

/* continue */

Both the noncompliant code example and compliant solution are taken from recommendation FIO07-C. Prefer fseek() to rewind().

...

Both the non-compliant code example and compliant solution are taken from recommendation FIO12-C. Prefer setvbuf() to setbuf().

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

Related Guidelines

[Klein 02]
[ISO/IEC 9899:1999] Section 7.20.1.4, "The strtol, strtoll, strtoul, and strtoull functions," Section 7.20.1.2, "The atoi, atol, and atoll functions," Section 7.19.6.7, "The sscanf function," Section 7.19.5.5, "The setbuf function," Section 7.19.9.2, "The fseek function," and Section 7.19.9.5, "The rewind function"

MITRE CWE: CWE-676, "Use of Potentially Dangerous Function"

MITRE CWE: CWE-20, "Insufficient Input Validation"

Bibliography

[Klein 2002]
[MITRE 07] CWE ID 676 (http://cwe.mitre.org/data/definitions/676.html), "Use of Potentially Dangerous Function," and CWE ID 20 (http://cwe.mitre.org/data/definitions/20.html), "Insufficient Input Validation"

...
