...

Alternatively, input character data as a null-terminated byte string and convert it to an integer value using strtol() or a related function. (See recommendation INT06-C. Use strtol() or a related function to convert a string token to an integer.)
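The conversion described above, as an added example that is not taken from the CERT page: a token is converted with strtol() and every failure case is reported instead of being silently accepted. The names parse_int and conv_status and the sample tokens are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status codes for this example. */
enum conv_status { CONV_OK, CONV_NO_DIGITS, CONV_TRAILING, CONV_RANGE };

/* Convert a null-terminated token to int. Unlike scanf("%d"), an
 * out-of-range or malformed token is reported to the caller. */
enum conv_status parse_int(const char *token, int *out) {
    char *end;
    long v;

    errno = 0;                      /* strtol() only sets errno on failure */
    v = strtol(token, &end, 10);

    if (end == token)
        return CONV_NO_DIGITS;      /* no characters were converted */
    if (errno == ERANGE)
        return CONV_RANGE;          /* value does not fit in long */
    if (v < INT_MIN || v > INT_MAX)
        return CONV_RANGE;          /* narrowing to int would truncate (CWE-197) */
    if (*end != '\0' && *end != '\n')
        return CONV_TRAILING;       /* unconverted characters follow the number */

    *out = (int)v;
    return CONV_OK;
}

int main(void) {
    /* Constructed sample tokens, as fgets() might deliver them. */
    const char *samples[] = { "42\n", "-17", "12abc", "abc",
                              "99999999999999999999999" };
    static const char *names[] = { "ok", "no digits", "trailing characters",
                                   "out of range" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int value = 0;
        enum conv_status st = parse_int(samples[i], &value);
        if (st == CONV_OK)
            printf("accepted: %d\n", value);
        else
            printf("rejected: %s\n", names[st]);
    }
    return EXIT_SUCCESS;
}
```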

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: INT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputs

...

[Klein 2002] [ISO/IEC 9899:1999] Section 7.20.1.4, "The strtol, strtoll, strtoul, and strtoull functions," and Section 7.19.6, "Formatted input/output functions"

MITRE CWE: CWE-192, "Integer Coercion Error"

MITRE CWE: CWE-197, "Numeric Truncation Error"

Bibliography

[Klein 2002]
[MITRE 2007] CWE ID 192 (http://cwe.mitre.org/data/definitions/192.html), "Integer Coercion Error"; and CWE ID 197 (http://cwe.mitre.org/data/definitions/197.html), "Numeric Truncation Error"
[Linux 2008] scanf(3) (http://www.kernel.org/doc/man-pages/online/pages/man3/scanf.3.html)

...