...
```c
int si;

if (argc > 1) {
  si = atoi(argv[1]);
}
```
The `atoi()`, `atol()`, and `atoll()` functions convert the initial portion of a string token to `int`, `long int`, and `long long int` representation, respectively. Except for the behavior on error, they are equivalent as follows:
...
- do not need to set `errno` on an error.
- have undefined behavior if the value of the result cannot be represented. (See undefined behavior 119 of Annex J of C11.)
- return 0 if the string does not represent an integer (which is indistinguishable from a correctly formatted, zero-denoting input string), but the C Standard only specifies the behavior of these functions on success.
See also rule MSC34-C. Do not use deprecated or obsolete functions.
...
The `strtol()`, `strtoll()`, `strtoul()`, and `strtoull()` functions convert a null-terminated byte string to `long int`, `long long int`, `unsigned long int`, and `unsigned long long int` representation, respectively.

This compliant solution uses `strtol()` to convert a string token to an integer and ensures that the value is in the range of `int`.
```c
long sl;
int si;
char *end_ptr;

if (argc > 1) {
  errno = 0;
  sl = strtol(argv[1], &end_ptr, 10);

  if ((sl == LONG_MIN || sl == LONG_MAX) && errno != 0) {
    perror("strtol error");
  }
  else if (end_ptr == argv[1]) {
    if (puts("error encountered during conversion") == EOF) {
      /* Handle Error */
    }
  }
  else if (sl > INT_MAX) {
    printf("%ld too large!\n", sl);
  }
  else if (sl < INT_MIN) {
    printf("%ld too small!\n", sl);
  }
  else if ('\0' != *end_ptr) {
    if (puts("extra characters on input line\n") == EOF) {
      /* Handle Error */
    }
  }
  else {
    si = (int)sl;
  }
}
```
Both the noncompliant code example and the compliant solution are taken from recommendation INT06-C. Use strtol() or a related function to convert a string token to an integer.
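The following is an added example, not code from the CERT guideline: it packages the `strtol()` checks above into a reusable function and runs it over constructed inputs, including the `"0"` versus `"abc"` case that `atoi()` cannot tell apart. The names `parse_int` and `parse_status` are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status codes for this example. */
typedef enum {
    PARSE_OK,
    PARSE_NO_DIGITS,   /* nothing converted, e.g. "" or "abc" */
    PARSE_TRAILING,    /* digits followed by other characters, e.g. "12abc" */
    PARSE_RANGE        /* value does not fit in long or in int */
} parse_status;

/* Convert a whole string to int; *out is written only on PARSE_OK. */
parse_status parse_int(const char *s, int *out) {
    char *end;
    long v;

    errno = 0;                      /* strtol() reports overflow via errno */
    v = strtol(s, &end, 10);
    if (end == s)
        return PARSE_NO_DIGITS;     /* the case atoi() reports as 0 */
    if (errno == ERANGE || v > INT_MAX || v < INT_MIN)
        return PARSE_RANGE;         /* the case where atoi() is undefined */
    if (*end != '\0')
        return PARSE_TRAILING;
    *out = (int)v;
    return PARSE_OK;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "0", "abc", "", "42", "-17", "12abc",
                              "99999999999999999999" };
    const char *names[] = { "ok", "no digits", "trailing chars",
                            "out of range" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int value = 0;
        parse_status st = parse_int(samples[i], &value);
        if (st == PARSE_OK)
            printf("\"%s\" -> %d\n", samples[i], value);
        else
            printf("\"%s\" -> rejected (%s)\n", samples[i], names[st]);
    }
    return 0;
}
```
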
...
```c
char *file_name;
FILE *fp;

/* initialize file_name */

fp = fopen(file_name, "r");
if (fp == NULL) {
  /* Handle open error */
}

/* read data */

rewind(fp);

/* continue */
```
It is impossible to determine if `rewind()` succeeded.
...
```c
char *file_name;
FILE *fp;

/* initialize file_name */

fp = fopen(file_name, "r");
if (fp == NULL) {
  /* Handle open error */
}

/* read data */

if (fseek(fp, 0L, SEEK_SET) != 0) {
  /* Handle repositioning error */
}

/* continue */
```
Both the noncompliant code example and the compliant solution are taken from recommendation FIO07-C. Prefer fseek() to rewind().
...
```c
FILE *file;
/* Setup file */
setbuf(file, NULL);
/* ... */
```
...
```c
FILE *file;
char *buf = NULL;
/* Setup file */
if (setvbuf(file, buf, buf ? _IOFBF : _IONBF, BUFSIZ) != 0) {
  /* Handle error */
}
/* ... */
```
Both the noncompliant code example and the compliant solution are taken from recommendation FIO12-C. Prefer setvbuf() to setbuf().
Risk Assessment
Although it is rare for a violation of this rule to result in a security vulnerability, it can easily result in lost or misinterpreted data.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
ISO/IEC 9899:2011 Section 7.21.5.5, "The `setbuf` function," Section 7.21.6.7, "The `sscanf` function," Section 7.21.9.2, "The `fseek` function," Section 7.21.9.5, "The `rewind` function," Section 7.22.1.2, "The `atoi`, `atol`, and `atoll` functions," and Section 7.22.1.4, "The `strtol`, `strtoll`, `strtoul`, and `strtoull` functions"
MITRE CWE: CWE-676, "Use of potentially dangerous function"
MITRE CWE: CWE-20, "Insufficient input validation"
Bibliography
...