Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

When calling num_get<>::get(), information about conversion errors is returned to the caller through the ios_base::iostate& argument. The C++ Standard, section [facet.num.get.virtuals], paragraph 3 states, in part  [ISO/IEC 14882-2014], in part, states the following:

If the conversion function fails to convert the entire field, or if the field represents a value outside the range of representable values, ios_base::failbit is assigned to err.

Always explicitly check the error state of a conversion from string to a numeric value (or handle the related exception, if applicable) instead of assuming the conversion results in a valid value. This rule is in addition to ERR34-C. Detect errors when converting a string to a number, which bans the use of conversion functions that do not perform conversion validation such as std::atoi() and std::scanf() from the C Standard Library.

Noncompliant Code Example

...

In this compliant solution, each converted value read from the standard input stream is tested for validity before reading the next value in the sequence, allowing error recovery on a per-value basis. It checks std::istream::fail() to see if the failure bit was set due to a conversion failure or whether the bad bit was set due to a loss of integrity with the stream object. If a failure condition is encountered, it is cleared on the input stream and then characters are read and discarded until a ' ' (space) character occurs. Note that the  The error handling in this case only works if a space character is what delimits the two numeric values to be converted.

...

It is rare for a violation of this rule to result in a security vulnerability unless it occurs in security-sensitive code. However, violations of this rule can easily result in lost or misinterpreted data. 

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR62-CPP

Medium

Unlikely

Medium

P4

L3

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC++-ERR62

Clang

Include Page
Clang_39_V
Clang_39_V
-

cert-err34-c

Checked by clang-tidy; only identifies use of unsafe C Standard Library functions corresponding to ERR34-C
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BADFUNC.ATOF
BADFUNC.ATOI
BADFUNC.ATOL
BADFUNC.ATOLL

Use of atof
Use of atoi
Use of atol
Use of atoll

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C++3161
Klocwork
Include Page
Klocwork_V
Klocwork_V
CERT.ERR.CONV.STR_TO_NUM
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_CPP-ERR62-aThe library functions atof, atoi and atol from library stdlib.h shall not be used
Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: ERR62-CPPChecks for unvalidated string-to-number conversion (rule fully covered)

Related Vulnerabilities

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[ISO/IEC 9899:1999]Subclause 7.22.1, "Numeric conversion functions"
Subclause 7.21.6, "Formatted input/output functions"
[ISO/IEC 14882-2014]

Subclause 22.4.2.1.1, "num_get members"
Subclause 27.7.2.2, "Formatted input functions"

...


...

Image Modified Image Modified Image Modified