...

Furthermore, the definition of a programmer-defined type may change. This creates a problem when such types are used with formatted output functions, such as printf(), and formatted input functions, such as scanf(), because the conversion specifier that matched the old definition may no longer match the new one (see guideline FIO00-C. Take care when creating format strings).

The C99 intmax_t and uintmax_t types are capable of representing any value representable by any other integer type of the same signedness (see guideline INT00-C. Understand the data model used by your implementation(s)). This allows conversion between programmer-defined integer types and intmax_t or uintmax_t (of the same signedness) without loss of value in the widening direction. For example:

#include <stdint.h>   /* intmax_t, uintmax_t */

mytypedef_t x;        /* programmer-defined unsigned integer type; its definition may change */
uintmax_t temp;       /* widest unsigned type: holds any value of any unsigned integer type */
/* ... */
temp = x; /* always secure: widening to uintmax_t cannot lose a value */

/* ... change the value of temp ... */

if (temp <= MYTYPEDEF_MAX) { /* range check before narrowing back to mytypedef_t */
  x = temp;
}
/* For a signed programmer-defined type use intmax_t and also check against MYTYPEDEF_MIN. */
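The same pattern carried through to formatted I/O, as an added example rather than code from the original page: output goes through a uintmax_t with the "%ju" (PRIuMAX) conversion, input is read into a uintmax_t with SCNuMAX and range-checked before narrowing. The typedef mytypedef_t, MYTYPEDEF_MAX and all helper names are assumptions made for this example.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical programmer-defined type; only this line would change if it were redefined. */
typedef unsigned short mytypedef_t;
#define MYTYPEDEF_MAX USHRT_MAX

/* Format x without knowing its underlying width: widen to uintmax_t and use PRIuMAX.
   Returns the number of characters snprintf would have written, or a negative value on error. */
int format_mytypedef(char *buf, size_t size, mytypedef_t x) {
    uintmax_t temp = x; /* always safe: uintmax_t holds every unsigned value */
    return snprintf(buf, size, "%" PRIuMAX, temp);
}

/* Parse decimal text into *out via uintmax_t. Returns 1 on success, 0 when the text is not
   a complete number or the value does not fit in mytypedef_t. (sscanf itself does not report
   overflow of uintmax_t; use strtoumax with errno if that case matters.) */
int parse_mytypedef(const char *text, mytypedef_t *out) {
    uintmax_t temp;
    int consumed = 0;
    if (sscanf(text, "%" SCNuMAX "%n", &temp, &consumed) != 1) return 0;
    if (text[consumed] != '\0') return 0;   /* reject trailing garbage such as "12abc" */
    if (temp > MYTYPEDEF_MAX) return 0;     /* range check before narrowing */
    *out = (mytypedef_t)temp;
    return 1;
}

/* Round trip: format x, parse it back, compare. Returns 1 if the value survives intact. */
int roundtrip(mytypedef_t x) {
    char buf[32];
    mytypedef_t y;
    if (format_mytypedef(buf, sizeof buf, x) < 0) return 0;
    return parse_mytypedef(buf, &y) && y == x;
}

/* Helper for checking rejections: returns the parsed value, or -1 when the input is rejected. */
long parse_or_minus_one(const char *text) {
    mytypedef_t v;
    return parse_mytypedef(text, &v) ? (long)v : -1L;
}
```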

...

Recommendation   Severity   Likelihood   Remediation Cost   Priority   Level
INT15-C          high       unlikely     medium             P6         L2

Automated Detection

Tool           Version   Checker   Description
Compass/ROSE   -         -         Can catch violations of this rule by scanning calls to the printf() and scanf() families of functions. For each such call, an argument that corresponds to a "%d" conversion specifier (or any specifier other than "%j") and whose type is not one of the built-in integer types (char, short, int, long, long long) indicates a violation of this rule. To catch all violations, ROSE would also have to recognize derived types in expressions, such as size_t.

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as INT15-CPP. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types.


...