...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
#include <inttypes.h>
mytypedef_t x;
/* ... */
#ifdef _MSC_VER
printf("%llu", (uintmax_t) x);
#else
printf("%ju", (uintmax_t) x);
#endif |
Microsoft A feature request has been submitted a feature request to Microsoft to add support for the j length modifier to a future release of Microsoft Visual Studio.
...
This compliant solution guarantees that a correct value in the range of mytypedef_t is read, or an error condition is detected, assuming the value of MYTYPEDEF_MAX is correct as the largest value representable by mytypedef_t: We use the The strtoumax() function is used instead of scanf(), as it provides enhanced error checking functionality. The fgets() function is used to read input from stdin.
...
Failure to use an appropriate conversion specifier when inputting or outputting programmer-defined integer types can result in buffer overflow and lost or misinterpreted data.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
INT15-C | High | Unlikely | Medium | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Axivion Bauhaus Suite |
| CertC-INT15 | |||||||
| Compass/ROSE |
Can catch violations of this rule by scanning the | |||||||
| LDRA tool suite |
|
439 S
440 S
586 S
586 S | Enhanced Enforcement | ||||||||
| Parasoft C/C++test |
| CERT_C-INT15-a | Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ |
| Coding Standard | VOID INT15-CPP. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types |
| MITRE CWE | CWE-681, Incorrect conversion between numeric types |
Bibliography
| [Saks 2007c] | Standard C's Pointer Difference Type |
...
...