...

Compliant Solution (Linux)

This compliant solution uses the Linux {{scanf()}} implementation's built-in error handling to validate input. On Linux platforms, {{scanf()}} sets {{errno}} to {{ERANGE}} if the result of an integer conversion cannot be represented within the size specified by the format string \[[Linux 2008|AA. Bibliography#Linux 08]\]. Note that this is a platform-dependent solution, so it should be used only where portability is not a concern.

Code Block
#include <errno.h>
#include <stdio.h>

int main(void) {
  long sl;
  errno = 0;  /* clear any stale value so ERANGE can be attributed to scanf() */

  if (scanf("%ld", &sl) != 1) {
    /* handle error: no conversion was performed */
  }
  else if (ERANGE == errno) {
    /* Linux scanf() clamped the value and flagged the overflow */
    if (puts("number out of range\n") == EOF) {
        /* Handle error */
    }
  }
  return 0;
}
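The check above is easiest to reason about when it is wrapped in a function and exercised on known inputs. The following is an added example, not code from the CERT page: it applies the same {{errno}}/{{ERANGE}} test to {{sscanf()}} (so the sample strings can be embedded inline; the conversion path and the {{ERANGE}} behaviour are the same as for {{scanf()}}) and distinguishes "no match" from "out of range". The name {{read_long()}} and its result codes are chosen for this example, and the three input strings are constructed.

```c
/* Added example (not the page's own code): the Linux scanf() errno/ERANGE
 * check from the compliant solution, wrapped in a reusable function and run
 * on constructed inputs. read_long() and the enum are names chosen here. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>

enum read_result {
    READ_OK,            /* a long was converted and is in range */
    READ_NO_MATCH,      /* input did not start with an integer */
    READ_OUT_OF_RANGE   /* Linux clamped the value and set errno to ERANGE */
};

/* Convert the leading integer of s into *out.
 * Relies on the platform-dependent Linux behaviour that scanf()-family
 * functions set errno to ERANGE when the converted value does not fit. */
enum read_result read_long(const char *s, long *out)
{
    long sl;

    errno = 0;                       /* clear stale errno before the call */
    if (sscanf(s, "%ld", &sl) != 1) {
        return READ_NO_MATCH;        /* no conversion performed */
    }
    if (errno == ERANGE) {
        return READ_OUT_OF_RANGE;    /* value was clamped to LONG_MIN/LONG_MAX */
    }
    *out = sl;
    return READ_OK;
}

int main(void)
{
    /* Constructed sample inputs: in range, out of range, not a number. */
    const char *inputs[] = { "12345", "99999999999999999999999", "abc" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        long value = 0;
        switch (read_long(inputs[i], &value)) {
        case READ_OK:
            printf("\"%s\" -> %ld\n", inputs[i], value);
            break;
        case READ_NO_MATCH:
            printf("\"%s\" -> not an integer\n", inputs[i]);
            break;
        case READ_OUT_OF_RANGE:
            printf("\"%s\" -> number out of range\n", inputs[i]);
            break;
        }
    }
    return 0;
}
```

Without the {{errno}} test, the second input would be silently accepted as {{LONG_MAX}} with a return value of 1, which is exactly the truncation the rule warns about (CWE-197). Clearing {{errno}} before the call matters: a stale {{ERANGE}} from an earlier library call would otherwise produce a false "out of range" report.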

...

MITRE CWE: CWE-197, "Numeric Truncation Error"

Bibliography

...

\[[Klein 2002|AA. Bibliography#Klein 02]\]
\[[Linux 2008|AA. Bibliography#Linux 08]\] [{{scanf(3)}}|http://www.kernel.org/doc/man-pages/online/pages/man3/scanf.3.html]

...
