Page History

Do not use deprecated or obsolescent functions when more secure equivalent functions are available.
Deprecated functions are defined by the C99 standard and Technical CorrigendaC Standard. Obsolescent functions are defined by this guidelinerecommendation.

Deprecated Functions

The gets() function was deprecated by Technical Corrigendum 3 to C99 and eliminated from C11. The Annex K gets_s() function is a recommended alternative to gets().

Obsolescent Functions

Wiki Markup

The following functions are obsolescent and should be avoided in favor of either the portable equivalent or, if available, the more secure alternatives defined in \[[ISO/IEC TR 24731-1|AA. Bibliography#ISO/IEC TR 24731-1-2007]\] Extensions to the C Library, --- Part I: Bounds-checking interfaces, and \[[ISO/IEC TR 24731-2|AA. Bibliography#ISO/IEC TR 24731-2-2010]\] Extensions to the C Library, --- Part II: Dynamic Allocation Functions. (Several of the "Portable Equivalent" entries are specified in the POSIX standard.)

Function	Portable Equivalent	Secure Alternative
`asctime`		`asctime_s`
`atof`	`strtod`
`atoi`	`strtol`
`atol`	`strtol`
`atoll`	`strtoll`
`bsearch`		`bsearch_s`
`ctime`		`ctime_s`
`fopen`	`fmemopen,open_memstream`	`fopen_s`
`fopen`	`open_wmemstream`
`fprintf`		`fprintf_s`
`freopen`		`freopen_s`
`fscanf`	`getdelim,getline`	`fscanf_s`
`fwprintf`		`fwprintf_s`
`fwscanf`	`getwdelim,getwline`	`fwscanf_s`
`getenv`		`getenv_s`
`gmtime`		`gmtime_s`
`localtime`		`localtime_s`
`mbsrtowcs`		`mbsrtowcs_s`
`mbstowcs`		`mbstowcs_s`
`memcpy`		`memcpy_s`
`memmove`		`memmove_s`
`printf`		`printf_s`
`qsort`		`qsort_s`
`remove`
`rename`
`rewind`	`fseek`
`setbuf`	`vsetbuf`
`snprintf`		`snprintf_s`
`sprintf`	`asprintf`	`sprintf_s`
`sscanf`		`sscanf_s`
`strcat`		`strcat_s`
`strcpy`	`stpcpy,strdup`	`strcpy_s`
`strerror`	`strerror_r`	`strerror_s`
`strncat`		`strncat_s`
`strncpy`	`stpncpy,strndup`	`strncpy_s`
`strtok`	`strtok_r`	`strtok_s`
`swprintf`	`aswprintf`	`swprintf_s`
`swscanf`		`swscanf_s`
`tmpfile`	`mkstemp`	`tmpfile_s`
`tmpfile_s`	`mkstemp`
`tmpnam`	`mkstemp`	`tmpnam_s`
`vfprintf`		`vfprintf_s`
`vfscanf`		`vfscanf_s`
`vfwprintf`		`vfwprintf_s`
`vfwscanf`		`vfwscanf_s`
`vprintf`		`vprintf_s`
`vscanf`		`vscanf_s`
`vsnprintf`		`vsnprintf_s`
`vsprintf`	`vasprintf`	`vsprintf_s`
`vsscanf`		`vsscanf_s`
`vswprintf`	`vaswprintf`	`vswprintf_s`
`vswscanf`		`vswscanf_s`
`vwprintf`		`vwprintf_s`
`vwscanf`		`vwscanf_s`
`wcrtomb`		`wcrtomb_s`
`wcscat`		`wcscat_s`
`wcscpy`		`wcscpy_s`
`wcsncat`		`wcsncat_s`
`wcsncpy`		`wcsncpy_s`
`wcsrtombs`		`wcsrtombs_s`
`wcstok`		`wcstok_s`
`wcstombs`		`wcstombs_s`
`wctomb`		`wctomb_s`
`wmemcpy`		`wmemcpy_s`
`wmemmove`		`wmemmove_r`
`wprintf`		`wprintf_s`
`wscanf`		`wscanf_s`

Noncompliant Code Example

In this noncompliant code example, strcat() and strcpy() are used.

Code Block

bgColor	#FFcccc


enum { BUFFERSIZE=256 };

void complain(const char *msg) {
  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFFERSIZE];

  strcpy(buf, prefix);
  strcat(buf, msg);
  strcat(buf, suffix);
  fputs(buf, stderr);
}

Compliant Solution

In this compliant solution, strcat() and strcpy() are replaced by strcat_s() and strcpy_s().

Code Block

bgColor	#ccccFF


enum { BUFFERSIZE=256 };

void complain(const char *msg) {
  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFFERSIZE];

  strcpy_s(buf, BUFFERSIZE, prefix);
  strcat_s(buf, BUFFERSIZE, msg);
  strcat_s(buf, BUFFERSIZE, suffix);
  fputs(buf, stderr);
}

Risk Assessment

The deprecated and obsolescent enumerated in this guideline are commonly associated with software vulnerabilities.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MSC34-C	high	likely	medium	P9	L2

Automated Detection

Unknown.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ISO/IEC 9945:2003

ISO/IEC 9899:1999 Section 7.21, "String handling <string.h>"

ISO/IEC 23360-1:2006

ISO/IEC TR 24731-1:2007

ISO/IEC PDTR 24731-2

MISRA Rule 20.4

Bibliography

Wiki Markup
\[[Burch 2006\|AA. Bibliography#Burch06]\] \[[CERT 2006c\|AA. Bibliography#CERT 06c]\] \[[Seacord 2005a\|AA. Bibliography#Seacord 05a]\] Chapter 2, "Strings"

Using deprecated or obsolescent functions shall be diagnosed because there exist equivalent functions that are more secure.

Deprecated functions are defined by the C99 standard and Technical Corrigenda. Obsolescent functions are defined by this guideline.

When an analyzer determines that an out-of-bounds store cannot occur in a specific invocation of a function, the invocation of that function is permitted by this guideline, and the analyzer is not required to produce any diagnostic.

Deprecated Functions

The gets function was deprecated by Technical Corrigendum 3 to C99 and eliminated from C1X.

Obsolescent Functions

Functions in the first column of the following table are hereby defined to be obsolescent functions. To remediate invocations of obsolescent functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative non-obsolescent functions.

Obsolescent Function	Recommended Alternative	Rationale
`asctime`	`asctime_s`	Non-reentrant.
`atof`	`strtod`	No error detection.
`atoi`	`strtol`	No error detection.
`atol`	`strtol`	No error detection.
`atoll`	`strtoll`	No error detection.
`ctime`	`ctime_s`	Non-reentrant.
`fopen`	`fopen_s`	No exclusive access to file.
`freopen`	`freopen_s`	No exclusive access to file.
`rewind`	`fseek`	No error detection.
`setbuf`	`setvbuf`	No error detection.

Wiki Markup

The {{atof, atoi, atol}}, and {{atoll}} functions are obsolescent because the {{strod, strtof, strtol, strtold, strtoll, strotul}}, and {{strtoull}} functions can emulate their usage and have more robust error handling capabilities. See guideline [INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs|seccode:INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs] \[[CERT C Secure Coding Standard 2010|Bibliography#CERT C Secure Coding Standard 10]\].

Wiki Markup

The {{fopen}} and {{freopen}} functions are obsolescent because the {{fopen_s}} and {{freopen_s}} functions can emulate their usage and improve security by protecting the file from unauthorized access by setting its file protection and opening the file with exclusive access \[[ISO/IEC WG14 N1173|Bibliography#ISO/IEC WG14 N1173]\].

Wiki Markup

The {{setbuf}} function is obsolescent because {{setbuf}} does not return a value and can be emulated using {{setvbuf}}. See guideline [FIO12-C. Prefer setvbuf() to setbuf()|seccode:FIO12-C. Prefer setvbuf() to setbuf()] \[[CERT C Secure Coding Standard 2010|Bibliography#CERT C Secure Coding Standard 10]\].

Wiki Markup

The {{rewind}} function is obsolescent because {{rewind}} does not return a value and can be emulated using {{fseek}}. See guideline [FIO07-C. Prefer fseek() to rewind()|seccode:FIO07-C. Prefer fseek() to rewind()] \[[CERT C Secure Coding Standard 2010|Bibliography#CERT C Secure Coding Standard 10]\].

The asctime and ctime functions are obsolescent because they use non-reentrant static buffers and can be emulated using asctime_s and ctime_s.

Unchecked Obsolescent Functions

The following are hereby defined to be unchecked obsolescent functions:

	`bsearch`		`fprintf`	`fscanf`	`fwprintf`	`fwscanf`
`getenv`	`gmtime`	`localtime`	`mbsrtowcs`	`mbstowcs`	`memcpy`	`memmove`
`printf`	`qsort`	`setbuf`	`snprintf`	`sprintf`	`sscanf`	`strcat`
`strcpy`	`strerror`	`strncat`	`strncpy`	`strtok`	`swprintf`	`swscanf`
`vfprintf`	`vfscanf`	`vfwprintf`	`vfwscanf`	`vprintf`	`vscanf`	`vsnprintf`
`vsprintf`	`vsscanf`	`vswprintf`	`vswscanf`	`vwprintf`	`vwscanf`	`wcrtomb`
`wcscat`	`wcscpy`	`wcsncat`	`wcsncpy`	`wcsrtombs`	`wcstok`	`wcstombs`
`wctomb`	`wmemcpy`	`wmemmove`	`wprintf`	`wscanf`

To remediate invocations of unchecked obsolescent functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative non-obsolescent functions from ISO/IEC TR 24731 (Part 1)

`abort_handler_s`		`bsearch_s`		`fprintf_s`	`freopen_s`	`fscanf_s`
`fwprintf_s`	`fwscanf_s`	`getenv_s`	`gets_s`	`gmtime_s`	`ignore_handler_s`	`localtime_s`
`mbsrtowcs_s`	`mbstowcs_s`	`memcpy_s`	`memmove_s`	`printf_s`	`qsort_s`	`scanf_s`
`set_constraint_handler_s`	`snprintf_s`	`snwprintf_s`	`sprintf_s`	`sscanf_s`	`strcat_s`	`strcpy_s`
`strerror_s`	`strerrorlen_s`	`strncat_s`	`strncpy_s`	`strnlen_s`	`strtok_s`	`swprintf_s`
`swscanf_s`	`vfprintf_s`	`vfscanf_s`	`vfwprintf_s`	`vfwscanf_s`	`vprintf_s`	`vscanf_s`
`vsnprintf_s`	`vsnwprintf_s`	`vsprintf_s`	`vsscanf_s`	`vswprintf_s`	`vswscanf_s`	`vwprintf_s`
`vwscanf_s`	`wcrtomb_s`	`wcrtoms_s`	`wcscat_s`	`wcscpy_s`	`wcsncat_s`	`wcsncpy_s`
`wcsnlen_s`	`wcsrtombs_s`	`wcstok_s`	`wcstombs_s`	`wctomb_s`	`wmemcpy_s`	`wmemmove_s`
`wprintf_s`	`wscanf_s`

or alternative non-obsolescent functions from ISO/IEC DTR 24731-2 (Part 2)

`asprintf`	`aswprintf`	`fmemopen`	`fscanf`	`fwscanf`	`getdelim`	`getline`
`getwdelim`	`getwline`	`open_memstream`	`open_wmemstream`	`strdup`	`strndup`

Noncompliant Code Example

In this noncompliant code example, the obsolescent functions strcat and strcpy are used.

Code Block

bgColor	#FFcccc


void complain(const char *msg) {
  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFSIZE];

  strcpy(buf, prefix);
  strcat(buf, msg);
  strcat(buf, suffix);
  fputs(buf, stderr);
}

Noncompliant Code Example

In this noncompliant code example, the obsolescent function setbuf is used.

Code Block

bgColor	#FFcccc


FILE *file;
/* Setup file */
setbuf(file, NULL);
/* ... */

Noncompliant Code Example

In this noncompliant code example, tmpnam is used.

Code Block

bgColor	#FFcccc


char file_name[L_tmpnam];
FILE *fp;

if (!tmpnam(file_name)) {
  /* Handle error */
}

/* A TOCTOU race condition exists here */

fp = fopen(file_name, "wb+");
if (fp == NULL) {
   /* Handle error */
}

Noncompliant Code Example

In this noncompliant code example, tmpfile is used.

Code Block

bgColor	#FFcccc


FILE *fp = tmpfile();
if (fp == NULL) {
  /* Handle error */
}

Related Guidelines

ISO/IEC JTC1/SC22/WG11 Rationale for TR 24731 Extensions to the C Library Part I: Bounds-checking interfaces

ISO/IEC 9899:1999 Section 7.19.3, "Files," and Section 7.19.4, "Operations on Files," Section 7.19.5.5, "The setbuf function"; 7.19.9.2, "The fseek function"; 7.19.9.5 "The rewind function"; and 7.21, "String handling <string.h>," Section 7.20.1.4, "The strtol, strtoll, strtoul, and strtoull functions," and Section 7.19.6, "Formatted input/output functions," Section 7.21.5.8, "The strtok function"

ISO/IEC TR 24772 "TRJ Use of Libraries"

ISO/IEC TR 24731-1:2007

MITRE CWE: CWE-73 "External Control of File Name or Path, "CWE-367, "Time-of-check Time-of-use Race Condition," CWE-676, "Use of Potentially Dangerous Function," CWE-192, "Integer Coercion Error," CWE-197, "Numeric Truncation Error," CWE-464, "Addition of Data Structure Sentinel," CWE-676, "Use of Potentially Dangerous Function," and CWE-20, "Insufficient Input Validation"

Bibliography

Wiki Markup

\[[Apple Secure Coding Guide|Bibliography#Apple Secure Coding Guide]\] "Avoiding Race Conditions and Insecure File Operations"
\[[CERT C Secure Coding Standard 2010|Bibliography#CERT C Secure Coding Standard 10]\]"[MSC34-C. Do not use deprecated or obsolescent functions|seccode:MSC34-C. Do not use deprecated or obsolescent functions]", "[FIO01-C. Be careful using functions that use file names for identification|seccode:FIO01-C. Be careful using functions that use file names for identification]", "[FIO07-C. Prefer fseek() to rewind()|seccode:FIO07-C. Prefer fseek() to rewind()]", "[FIO12-C. Prefer setvbuf() to setbuf()|seccode:FIO12-C. Prefer setvbuf() to setbuf()]", "[INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs|seccode:INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs]", "[INT06-C. Use strtol() or a related function to convert a string token to an integer|seccode:INT06-C. Use strtol() or a related function to convert a string token to an integer]", "[STR06-C. Do not assume that strtok() leaves the parse string unchanged|seccode:STR06-C. Do not assume that strtok() leaves the parse string unchanged]", "[STR07-C. Use TR 24731 for remediation of existing string manipulation code|seccode:STR07-C. Use TR 24731 for remediation of existing string manipulation code]"
\[[Drepper 2006|Bibliography#Drepper 06]\] Section 2.2.1 "Identification When Opening"
\[[Klein 2002|Bibliography#Klein 02]\]
\[[Linux 2007|Bibliography#Linux 07]\] {{strtok}}(3)
\[[Open Group 2004|Bibliography#Open Group 04]\] "The {{open}} function"
\[[Seacord 2005a|Bibliography#Seacord 05a]\] Chapter 2, "Strings," and Chapter 7, "File I/O"
\[[Seacord 2005b|Bibliography#Seacord 05b]\]

Functions in the first column of the following table are hereby defined to be obsolescent functions. To remediate invocations of obsolescent functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative non-obsolescent functions.

Obsolescent Function	Recommended Alternative	Rationale
`asctime()`	`asctime_s()`	Non-reentrant
`atof()`	`strtod()`	No error detection
`atoi()`	`strtol()`	No error detection
`atol()`	`strtol()`	No error detection
`atoll()`	`strtoll()`	No error detection
`ctime()`	`ctime_s()`	Non-reentrant
`fopen()`	`fopen_s()`	No exclusive access to file
`freopen()`	`freopen_s()`	No exclusive access to file
`rewind()`	`fseek()`	No error detection
`setbuf()`	`setvbuf()`	No error detection

The atof(), atoi(), atol(), and atoll() functions are obsolescent because the strtod(), strtof(), strtol(), strtold(), strtoll(), strtoul(), and strtoull() functions can emulate their usage and have more robust error handling capabilities. See INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs.

The fopen() and freopen() functions are obsolescent because the fopen_s() and freopen_s() functions can emulate their usage and improve security by protecting the file from unauthorized access by setting its file protection and opening the file with exclusive access [ISO/IEC WG14 N1173].

The setbuf() function is obsolescent because setbuf() does not return a value and can be emulated using setvbuf(). See ERR07-C. Prefer functions that support error checking over equivalent functions that don't.

The rewind() function is obsolescent because rewind() does not return a value and can be emulated using fseek(). See ERR07-C. Prefer functions that support error checking over equivalent functions that don't.

The asctime() and ctime() functions are obsolescent because they use non-reentrant static buffers and can be emulated using asctime_s() and ctime_s().

Unchecked Obsolescent Functions

If you are using platforms that support Annex K, then functions in the first column of the following table are hereby defined to be obsolescent functions, with functions in the second column being the recommended alternatives from Annex K.

Obsolescent Function	Recommended Alternative
bsearch()	bsearch_s()
fprintf()	fprintf_s()
fscanf()	fscanf_s()
fwprintf()	fwprintf_s()
fwscanf()	fwscanf_s()
getenv()	getenv_s()
gmtime()	gmtime_s()
localtime()	localtime_s()
mbsrtowcs()	mbsrtowcs_s()
mbstowcs()	mbstowcs_s()
memcpy()	memcpy_s()
memmove()	memmove_s()
printf()	printf_s()
qsort()	qsort_s()
scanf()	scanf_s()
snprintf()	snprintf_s()
sprintf()	sprintf_s()
sscanf()	sscanf_s()
strcat()	strcat_s()
strcpy()	strcpy_s()
strerror()	strerror_s()
strlen()	strnlen_s()
strncat()	strncat_s()
strncpy()	strncpy_s()
strtok()	strtok_s()
swprintf()	swprintf_s()
swscanf()	swscanf_s()
vfprintf()	vfprintf_s()
vfscanf()	vfscanf_s()
vfwprintf()	vfwprintf_s()
vfwscanf()	vfwscanf_s()
vprintf()	vprintf_s()
vscanf()	vscanf_s()
vsnprintf()	vsnprintf_s()
vsprintf()	vsprintf_s()
vsscanf()	vsscanf_s()
vswprintf()	vswprintf_s()
vswscanf()	vswscanf_s()
vwprintf()	vwprintf_s()
vwscanf()	vwscanf_s()
wcrtomb()	wcrtomb_s()
wcscat()	wcscat_s()
wcscpy()	wcscpy_s()
wcslen()	wcsnlen_s()
wcsncat()	wcsncat_s()
wcsncpy()	wcsncpy_s()
wcsrtombs()	wcsrtombs_s()
wcstok()	wcstok_s()
wcstombs()	wcstombs_s()
wctomb()	wctomb_s()
wmemcpy()	wmemcpy_s()
wmemmove()	wmemmove_s()
wprintf()	wprintf_s()
wscanf()	wscanf_s()

For information on the tmpfile() and tmpfile_s() functions, see FIO21-C. Do not create temporary files in shared directories.
For information on the memset() and memset_s() functions, see MSC06-C. Beware of compiler optimizations.

To remediate invocations of obsolescent functions, an application might use any of the following recommended functions from ISO/IEC TR 24731-2, Extensions to the C Library—Part II: Dynamic Allocation Functions [ISO/IEC TR 24731-2]:

`asprintf`	`aswprintf`	`fmemopen`	`fscanf`	`fwscanf`	`getdelim`	`getline`
`getwdelim`	`getwline`	`open_memstream`	`open_wmemstream`	`strdup`	`strndup`

Noncompliant Code Example

In this noncompliant code example, the obsolescent functions strcat() and strcpy() are used:

Code Block

bgColor	#FFcccc

#include <string.h>
#include <stdio.h>
 
enum { BUFSIZE = 32 };
void complain(const char *msg) {

  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFSIZE];

  strcpy(buf, prefix);
  strcat(buf, msg);
  strcat(buf, suffix);
  fputs(buf, stderr);
}

Compliant Solution

In this compliant solution, strcat() and strcpy() are replaced by strcat_s() and strcpy_s():

Code Block

bgColor	#ccccFF
lang	c

#define __STDC_WANT_LIB_EXT1__
#include <string.h>
#include <stdio.h>
 
enum { BUFFERSIZE = 256 };

void complain(const char *msg) {
  static const char prefix[] = "Error: ";
  static const char suffix[] = "\n";
  char buf[BUFFERSIZE];

  strcpy_s(buf, BUFFERSIZE, prefix);
  strcat_s(buf, BUFFERSIZE, msg);
  strcat_s(buf, BUFFERSIZE, suffix);
  fputs(buf, stderr);
}

Risk Assessment

The deprecated and obsolescent functions enumerated in this guideline are commonly associated with software vulnerabilities.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MSC24-C	High	Probable	Medium	P12	L1

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

stdlib-use-ato

stdlib-macro-ato

stdlib-use-atoll

stdlib-macro-atoll

Partially checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-MSC24

Fully implemented

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

BADFUNC.*

(customization)

A number of CodeSonar's "Use of *" checks are for deprecated/obsolescent functions
CodeSonar also provides a mechanism for users to create custom checks for uses of specified functions

ECLAIR

Include Page

	ECLAIR_V
	ECLAIR_V

CC2.MSC34

Fully implemented

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

44 S

Fully implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-MSC24-a
CERT_C-MSC24-b
CERT_C-MSC24-c
CERT_C-MSC24-d

The library functions atof, atoi and atol from library stdlib.h shall not be used
The 'getenv()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
Avoid using unsafe string functions which may cause buffer overflows
Don't use unsafe C functions that do write to range-unchecked buffers

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

586

Fully supported

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rec. MSC24-C

Checks for use of obsolete standard function (rec. fully covered)

PVS-Studio

Include Page

	PVS-Studio_V
	PVS-Studio_V

V513, V2001, V2002

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

stdlib-use-ato

stdlib-macro-ato

stdlib-use-atoll

stdlib-macro-atoll

Partially checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding Standard	ERR07-C. Prefer functions that support error checking over equivalent functions that don't INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs ERR34-C. Detect errors when converting a string to a number STR06-C. Do not assume that strtok() leaves the parse string unchanged STR07-C. Use the bounds-checking interfaces for string manipulation
ISO/IEC TR 24772	Use of Libraries [TRJ]
MISRA C:2012	Rule 21.3 (required)
MITRE CWE	CWE-20, Insufficient input validation CWE-73, External control of file name or path CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-91, XML Injection (aka Blind XPath Injection) CWE-94, Improper Control of Generation of Code ('Code Injection') CWE-114, Process Control CWE-120, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-192, Integer coercion error CWE-197, Numeric truncation error CWE-367, Time-of-check, time-of-use race condition CWE-464, Addition of data structure sentinel CWE-601, URL Redirection to Untrusted Site ('Open Redirect') CWE-676, Use of potentially dangerous function

Bibliography

[Apple 2006]	Apple Secure Coding Guide, "Avoiding Race Conditions and Insecure File Operations"
[Burch 2006]	Specifications for Managed Strings, Second Edition
[Drepper 2006]	Section 2.2.1 "Identification When Opening"
[IEEE Std 1003.1:2013]	XSH, System Interfaces, `open`
ISO/IEC 23360-1:2006
[ISO/IEC WG14 N1173]	Rationale for TR 24731 Extensions to the C Library Part I: Bounds-checking interfaces
[Klein 2002]	"Bullet Proof Integer Input Using `strtol()`"
[Linux 2008]	`strtok(3)`
[Seacord 2013]	Chapter 2, "Strings" Chapter 8, "File I/O"
[Seacord 2005b]	"Managed String Library for C, C/C++"

...

Image Added Image Added Image Added Image Removed 49. Miscellaneous (MSC) MSC35-C. Do not include any executable statements inside a switch statement before the first case label

Space shortcuts

Page tree

Versions Compared

Old Version 17

New Version Current

Key

Deprecated Functions

Obsolescent Functions

Noncompliant Code Example

Compliant Solution

Risk Assessment

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography

Deprecated Functions

Obsolescent Functions

Unchecked Obsolescent Functions

Noncompliant Code Example

Noncompliant Code Example

Noncompliant Code Example

Noncompliant Code Example

Related Guidelines

Bibliography

Unchecked Obsolescent Functions

Noncompliant Code Example

Compliant Solution

Risk Assessment

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography