...

The gets() function was deprecated by Technical Corrigendum 3 to C99 and eliminated from C11. The Annex K gets_s() function is a recommended alternative to gets().

Obsolescent Functions

Functions in the first column of the following table are hereby defined to be obsolescent functions. To remediate invocations of obsolescent functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative non-obsolescent functions.

...

Unchecked Obsolescent Functions

If you are using platforms that support Annex K, then functions in the first column of the following table are hereby defined to be unchecked obsolescent functions:

...

bsearch, fprintf, fscanf, fwprintf, fwscanf, getenv, gmtime, localtime, mbsrtowcs, mbstowcs, memcpy, memmove, printf, qsort, setbuf, snprintf, sprintf, sscanf, strcat, strcpy, strerror, strncat, strncpy, strtok, swprintf, swscanf, vfprintf, vfscanf, vfwprintf, vfwscanf, vprintf, vscanf, vsnprintf, vsprintf, vsscanf, vswprintf, vswscanf, vwprintf, vwscanf, wcrtomb, wcscat, wcscpy, wcsncat, wcsncpy, wcsrtombs, wcstok, wcstombs, wctomb, wmemcpy, wmemmove, wprintf, wscanf

To remediate invocations of unchecked obsolescent functions, an application might use inline coding that, in all respects, conforms to this guideline, or an alternative library that, in all respects, conforms to this guideline, or alternative nonobsolescent functions from C11, Annex K:

...

abort_handler_s, bsearch_s, fprintf_s, freopen_s, fscanf_s, fwprintf_s, fwscanf_s, getenv_s, gets_s, gmtime_s, ignore_handler_s, localtime_s, mbsrtowcs_s, mbstowcs_s, memcpy_s, memmove_s, printf_s, qsort_s, scanf_s, set_constraint_handler_s, snprintf_s, snwprintf_s, sprintf_s, sscanf_s, strcat_s, strcpy_s, strerror_s, strerrorlen_s, strncat_s, strncpy_s, strnlen_s, strtok_s, swprintf_s, swscanf_s, vfprintf_s, vfscanf_s, vfwprintf_s, vfwscanf_s, vprintf_s, vscanf_s, vsnprintf_s, vsnwprintf_s, vsprintf_s, vsscanf_s, vswprintf_s, vswscanf_s, vwprintf_s, vwscanf_s, wcrtomb_s, wcscat_s, wcscpy_s, wcsncat_s, wcsncpy_s, wcsnlen_s, wcsrtombs_s, wcstok_s, wcstombs_s, wctomb_s, wmemcpy_s, wmemmove_s

obsolescent functions, with functions in the second column being the recommended alternatives from Annex K.

Obsolescent Function    Recommended Alternative

bsearch()               bsearch_s()
fprintf()               fprintf_s()
fscanf()                fscanf_s()
fwprintf()              fwprintf_s()
fwscanf()               fwscanf_s()
getenv()                getenv_s()
gmtime()                gmtime_s()
localtime()             localtime_s()
mbsrtowcs()             mbsrtowcs_s()
mbstowcs()              mbstowcs_s()
memcpy()                memcpy_s()
memmove()               memmove_s()
printf()                printf_s()
qsort()                 qsort_s()
scanf()                 scanf_s()
snprintf()              snprintf_s()
sprintf()               sprintf_s()
sscanf()                sscanf_s()
strcat()                strcat_s()
strcpy()                strcpy_s()
strerror()              strerror_s()
strlen()                strnlen_s()
strncat()               strncat_s()
strncpy()               strncpy_s()
strtok()                strtok_s()
swprintf()              swprintf_s()
swscanf()               swscanf_s()
vfprintf()              vfprintf_s()
vfscanf()               vfscanf_s()
vfwprintf()             vfwprintf_s()
vfwscanf()              vfwscanf_s()
vprintf()               vprintf_s()
vscanf()                vscanf_s()
vsnprintf()             vsnprintf_s()
vsprintf()              vsprintf_s()
vsscanf()               vsscanf_s()
vswprintf()             vswprintf_s()
vswscanf()              vswscanf_s()
vwprintf()              vwprintf_s()
vwscanf()               vwscanf_s()
wcrtomb()               wcrtomb_s()
wcscat()                wcscat_s()
wcscpy()                wcscpy_s()
wcslen()                wcsnlen_s()
wcsncat()               wcsncat_s()
wcsncpy()               wcsncpy_s()
wcsrtombs()             wcsrtombs_s()
wcstok()                wcstok_s()
wcstombs()              wcstombs_s()
wctomb()                wctomb_s()
wmemcpy()               wmemcpy_s()
wmemmove()              wmemmove_s()
wprintf()               wprintf_s()
wscanf()                wscanf_s()

For information on the tmpfile() and tmpfile_s() functions, see FIO21-C. Do not create temporary files in shared directories.
For information on the memset() and memset_s() functions, see MSC06-C. Beware of compiler optimizations.
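The "inline coding that, in all respects, conforms to this guideline" option above, shown as an added example (not code from the CERT page, and not Annex K itself): a bounds-checked copy that follows the strcpy_s() runtime-constraint contract, for libcs such as glibc that do not provide Annex K. The name safe_strcpy and the SAFE_* codes are this example's own assumptions.

```c
/* Added example, not code from the CERT page or from Annex K: an inline
 * bounds-checked copy following the strcpy_s() runtime-constraint contract,
 * for libcs without Annex K. safe_strcpy and SAFE_* are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAFE_RSIZE_MAX (SIZE_MAX >> 1)  /* same idea as Annex K's RSIZE_MAX */
enum { SAFE_OK = 0, SAFE_EINVAL = 1, SAFE_ERANGE = 2 };

/* Copies src into dest (destsz bytes). Like strcpy_s(), on a violation it
 * writes at most dest[0] = '\0' and returns nonzero; never writes past destsz. */
int safe_strcpy(char *dest, size_t destsz, const char *src)
{
    if (dest == NULL || destsz == 0 || destsz > SAFE_RSIZE_MAX)
        return SAFE_EINVAL;                 /* no byte of dest can be trusted */
    if (src == NULL) {
        dest[0] = '\0';
        return SAFE_EINVAL;
    }
    /* Bounded scan: an unterminated src is never read past destsz bytes,
     * and a length of destsz means src plus its NUL cannot fit. */
    size_t len = 0;
    while (len < destsz && src[len] != '\0')
        len++;
    if (len >= destsz) {
        dest[0] = '\0';
        return SAFE_ERANGE;
    }
    /* Overlap of [dest, dest+destsz) and [src, src+len+1) is a violation. */
    uintptr_t d = (uintptr_t)dest, s = (uintptr_t)src;
    if (s < d + destsz && d < s + len + 1) {
        dest[0] = '\0';
        return SAFE_EINVAL;
    }
    memcpy(dest, src, len + 1);
    return SAFE_OK;
}

int main(void)
{
    char buf[8];                            /* constructed, deliberately small */
    const char *inputs[] = { "hello", "this input is too long" };
    for (size_t i = 0; i < 2; i++) {
        int rc = safe_strcpy(buf, sizeof buf, inputs[i]);
        printf("%-24s rc=%d buf=\"%s\"\n", inputs[i], rc, buf);
    }
    return 0;
}
```

Unlike strncpy(), the oversized input is rejected and reported rather than silently truncated or left unterminated.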

To remediate invocations of obsolescent functions, an application might use any of the following recommended functions from ISO

...

wprintf_s

...

wscanf_s

or alternative nonobsolescent functions from ISO/IEC TR 24731-2, Extensions to the C Library—Part II: Dynamic Allocation Functions [ISO/IEC TR 24731-2]:

...

Tool: Astrée
Checker: stdlib-use-ato, stdlib-macro-ato, stdlib-use-atoll, stdlib-macro-atoll
Description: Partially checked

Tool: Axivion Bauhaus Suite
Checker: CertC-MSC24
Description: Fully implemented

Tool: CodeSonar
Checker: BADFUNC.* (customization)
Description: A number of CodeSonar's "Use of *" checks are for deprecated/obsolescent functions. CodeSonar also provides a mechanism for users to create custom checks for uses of specified functions.

Tool: ECLAIR
Checker: CC2.MSC34
Description: Fully implemented

Tool: LDRA tool suite
Checker: 44 S
Description: Fully implemented

Tool: Parasoft C/C++test
Checker: MISRA2004-20_10, MISRA2004-20_11, SECURITY-12, SECURITY-07; CERT_C-MSC24-a, CERT_C-MSC24-b, CERT_C-MSC24-c, CERT_C-MSC24-d
Description: The library functions atof, atoi and atol from library stdlib.h shall not be used. The 'getenv()' function from the 'stdlib.h' or 'cstdlib' library shall not be used. Avoid using unsafe string functions which may cause buffer overflows. Don't use unsafe C functions that do write to range-unchecked buffers.

Tool: PC-lint Plus
Checker: 586
Description: Fully supported

Tool: Polyspace Bug Finder (R2016a)
Checker: CERT C: Rec. MSC24-C
Description: Use of obsolete standard function. Checks for use of obsolete standard function (rec. fully covered). Obsolete routines can cause security vulnerabilities and portability issues.

Tool: PVS-Studio
Checker: V513, V2001, V2002

Tool: RuleChecker
Checker: stdlib-use-ato, stdlib-macro-ato, stdlib-use-atoll, stdlib-macro-atoll
Description: Partially checked

...

[Apple 2006] Apple Secure Coding Guide, "Avoiding Race Conditions and Insecure File Operations"
[Burch 2006] Specifications for Managed Strings, Second Edition
[Drepper 2006] Section 2.2.1, "Identification When Opening"
[IEEE Std 1003.1:2013] XSH, System Interfaces, open
[ISO/IEC 23360-1:2006]
[ISO/IEC WG14 N1173] Rationale for TR 24731 Extensions to the C Library Part I: Bounds-checking interfaces
[Klein 2002] "Bullet Proof Integer Input Using strtol()"
[Linux 2008] strtok(3)
[Seacord 2013] Chapter 2, "Strings"; Chapter 8, "File I/O"
[Seacord 2005b] "Managed String Library for C, C/C++"


...
