...
Alternatively, input character data as a null-terminated byte string and convert to an integer value using strtol() or a related function (see INT06-C. Use strtol() or a related function to convert a string token to an integer, and ERR34-C. Detect errors when converting a string to a number).
Noncompliant Code Example
This noncompliant code example uses the scanf() function to read a string from stdin and convert it to a long. The scanf() and fscanf() functions have undefined behavior if the value of the result of this operation cannot be represented as an integer.
```c
long slnum_long;
if (scanf("%ld", &slnum_long) != 1) {
  /* Handle error */
}
```
In general, do not use scanf() to parse integers or floating-point numbers from input strings, because the input could contain numbers not representable by the argument type.
Compliant Solution (Linux)
This compliant example uses the Linux scanf() implementation's built-in error handling to validate input. On Linux platforms, scanf() sets errno to ERANGE if the result of integer conversion cannot be represented within the size specified by the format string [Linux 2008]. Note that this solution is platform dependent, so it should be used only where portability is not a concern.
```c
#include <errno.h>
#include <stdio.h>

long num_long;
errno = 0;
if (scanf("%ld", &num_long) != 1) {
  /* Handle error */
}
else if (ERANGE == errno) {
  /* Linux-specific: conversion result did not fit in a long */
  if (puts("number out of range\n") == EOF) {
    /* Handle error */
  }
}
```
Compliant Solution
This compliant example uses fgets() to input a string and strtol() to convert the string to an integer. Error checking is provided to make sure that the value is a valid integer in the range of long.
```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

char buff[25];
char *end_ptr;
long slnum_long;

if (fgets(buff, sizeof(buff), stdin) == NULL) {
  if (puts("EOF or read error\n") == EOF) {
    /* Handle error */
  }
}
else {
  errno = 0;
  slnum_long = strtol(buff, &end_ptr, 10);
  if (ERANGE == errno) {
    /* Value does not fit in a long */
    if (puts("number out of range\n") == EOF) {
      /* Handle error */
    }
  }
  else if (end_ptr == buff) {
    /* No digits were consumed */
    if (puts("not valid numeric input\n") == EOF) {
      /* Handle error */
    }
  }
  else if ('\n' != *end_ptr && '\0' != *end_ptr) {
    /* Something other than end of line follows the number */
    if (puts("extra characters on input line\n") == EOF) {
      /* Handle error */
    }
  }
}
```
Note that this solution treats any trailing characters, including whitespace characters, as an error condition.
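As an added example that is not part of the CERT page, the three checks of this compliant solution factored into a reusable function that returns a status code, so a caller can tell the failure modes apart; parse_long_line and enum parse_status are names introduced here for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Distinguishable outcomes of converting one input line to a long. */
enum parse_status {
    PARSE_OK,
    PARSE_OUT_OF_RANGE,   /* strtol() reported ERANGE */
    PARSE_NOT_NUMERIC,    /* no digits were consumed (end_ptr == line) */
    PARSE_TRAILING_CHARS  /* something other than '\n' or '\0' follows */
};
/* Convert a line obtained from fgets() to a long, applying the checks of the
 * compliant solution in the same order. Leading whitespace is accepted because
 * strtol() skips it; trailing whitespace is rejected, as on the page. */
enum parse_status parse_long_line(const char *line, long *out)
{
    char *end_ptr;
    long val;
    errno = 0;
    val = strtol(line, &end_ptr, 10);
    if (ERANGE == errno) {
        return PARSE_OUT_OF_RANGE;
    }
    if (end_ptr == line) {
        return PARSE_NOT_NUMERIC;
    }
    if ('\n' != *end_ptr && '\0' != *end_ptr) {
        return PARSE_TRAILING_CHARS;
    }
    *out = val;
    return PARSE_OK;
}
int main(void)
{
    char buff[25];
    long value;
    if (fgets(buff, sizeof(buff), stdin) == NULL) {
        puts("EOF or read error");
        return EXIT_FAILURE;
    }
    switch (parse_long_line(buff, &value)) {
    case PARSE_OK:             printf("%ld\n", value); return EXIT_SUCCESS;
    case PARSE_OUT_OF_RANGE:   puts("number out of range"); break;
    case PARSE_NOT_NUMERIC:    puts("not valid numeric input"); break;
    case PARSE_TRAILING_CHARS: puts("extra characters on input line"); break;
    }
    return EXIT_FAILURE;
}
```

A line longer than the buffer arrives from fgets() without its '\n' and the remainder stays in stdin, so a caller that must validate the whole line should also check that the buffer ends with a newline before accepting the value.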
Risk Assessment
Although it is relatively rare for a violation of this recommendation to result in a security vulnerability, it can easily result in lost or misinterpreted data.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
INT05-C | Medium | Probable | High | P4 | L3
Automated Detection
...
Tool | Version | Checker | Description
---|---|---|---
Axivion Bauhaus Suite | | CertC-INT05 |
CodeSonar | | MISC.NEGCHAR | Negative Character Value
Compass/ROSE | | | Can detect violations of this recommendation. In particular, it notes uses of the ...
Helix QAC | | C5005 |
LDRA tool suite | | 44 S | Enhanced Enforcement
Parasoft C/C++test | | CERT_C-INT05-a | Avoid using unsafe string functions that do not check bounds
PC-lint Plus | | 586 | Fully supported
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
...
Related Guidelines
...
...
...
...
[Klein 02]
[ISO/IEC 9899:1999] Section 7.20.1.4, "The strtol, strtoll, strtoul, and strtoull functions," and Section 7.19.6, "Formatted input/output functions"
[MITRE 07] CWE ID 192, "Integer Coercion Error" (http://cwe.mitre.org/data/definitions/192.html); and CWE ID 197, "Numeric Truncation Error" (http://cwe.mitre.org/data/definitions/197.html)
Bibliography
...