...

Alternatively, input character data as a null-terminated byte string and convert it to an integer value using strtol() or a related function (see INT06-C. Use strtol() or a related function to convert a string token to an integer).

Noncompliant Code Example

...

In general, do not use scanf() to parse integers or floating-point numbers from input strings, because the input could contain numbers not representable by the argument type.

...

This compliant example uses the Linux scanf() implementation's built-in error handling to validate input. On Linux platforms, scanf() sets errno to ERANGE if the result of integer conversion cannot be represented within the size specified by the format string [Linux 08]. Note that this is a platform-dependent solution; it should be used only where portability is not a concern.
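The portable alternative described above (strtol() with full error checking, as INT06-C recommends) as an added example; this is not code from the CERT page, and the helper name str_to_int and its status codes are assumptions chosen for illustration. The comments contrast each check with what scanf("%d") would silently accept:

```c
/* Constructed example: convert a null-terminated string to int with strtol(),
 * rejecting anything the argument type cannot represent (INT05-C). */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

enum conv_status {
    CONV_OK,
    CONV_EMPTY,      /* no digits at all, e.g. "" or "abc" */
    CONV_TRAILING,   /* digits followed by junk, e.g. "12abc" */
    CONV_RANGE       /* value does not fit in an int */
};

/* Hypothetical helper, not from the CERT page: parse s as a decimal int.
 * On CONV_OK, *out holds the value; otherwise *out is left unchanged. */
enum conv_status str_to_int(const char *s, int *out)
{
    char *end;
    long val;

    errno = 0;                     /* strtol() sets errno but never clears it */
    val = strtol(s, &end, 10);

    if (end == s) {
        return CONV_EMPTY;         /* nothing was consumed */
    }
    if (*end != '\0') {
        return CONV_TRAILING;      /* scanf("%d") would accept the 12 in "12abc" */
    }
    if (errno == ERANGE) {
        return CONV_RANGE;         /* overflowed long itself */
    }
    if (val < INT_MIN || val > INT_MAX) {
        return CONV_RANGE;         /* fits in long but not in int (LP64 platforms) */
    }
    *out = (int)val;
    return CONV_OK;
}

int main(void)
{
    /* Constructed sample inputs covering each status code. */
    const char *inputs[] = { "42", "  -17", "12abc", "", "99999999999999999999", "2147483648" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int v = 0;
        enum conv_status st = str_to_int(inputs[i], &v);
        printf("\"%s\" -> status %d, value %d\n", inputs[i], (int)st, v);
    }
    return 0;
}
```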

...

Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
INT05-C        | medium   | probable   | high             | P4       | L3

Automated Detection

Tool         | Version | Checker | Description
Fortify SCA  | V. 5.0  |         | Can detect violations of this recommendation with the CERT C Rule Pack.
Compass/ROSE |         |         | Can detect violations of this recommendation. In particular, it notes uses of the scanf() family of functions where the type specifier is a floating-point or integer type.

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

This rule appears in the C++ Secure Coding Standard as INT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputs.

Bibliography

[Klein 02]
[ISO/IEC 9899:1999] Section 7.20.1.4, "The strtol, strtoll, strtoul, and strtoull functions," and Section 7.19.6, "Formatted input/output functions"
[MITRE 07] CWE ID 192, "Integer Coercion Error" (http://cwe.mitre.org/data/definitions/192.html); and CWE ID 197, "Numeric Truncation Error" (http://cwe.mitre.org/data/definitions/197.html)
[Linux 08] scanf(3) (http://www.kernel.org/doc/man-pages/online/pages/man3/scanf.3.html)

...