Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Alternatively, input character data as a null-terminated byte string and convert to an integer value using strtol() or a related function. (See INT06ERR34-C. Use strtol() or a related function to convert a string token to an integerDetect errors when converting a string to a number.)

Noncompliant Code Example

...

Code Block
bgColor#FFcccc
langc
long slnum_long;

if (scanf("%ld", &slnum_long) != 1) {
  /* handleHandle error */
}

In general, do not use scanf() to parse integers or floating-point numbers from input strings because the input could contain numbers not representable by the argument type.

...

This compliant example uses the Linux scanf() implementation's built-in error handling to validate input. On Linux platforms, scanf() sets errno to ERANGE if the result of integer conversion cannot be represented within the size specified by the format string [Linux 2008]. Note that this solution is a platform - dependent solution. Therefore, so it should be used only where portability is not a concern.

Code Block
bgColor#ccccff
langc
long slnum_long;
errno = 0;

if (scanf("%ld", &slnum_long) != 1) {
  /* handleHandle error */
}
else if (ERANGE == errno) {
  if (puts("number out of range\n") == EOF) {
      /* Handle error */
  }
}

...

Code Block
bgColor#ccccff
langc
char buff[25];
char *end_ptr;
long slnum_long;

if (fgets(buff, sizeof(buff), stdin) == NULL) {
  if (puts("EOF or read error\n") == EOF) {
    /* Handle error */
  }
} else {
  errno = 0;

  slnum_long = strtol(buff, &end_ptr, 10);

  if (ERANGE == errno) {
    if (puts("number out of range\n") == EOF) {
      /* Handle error */
    }
  }
  else if (end_ptr == buff) {
    if (puts("not valid numeric input\n") == EOF) {
      /* Handle error */
    }
  }
  else if ('\n' != *end_ptr && '\0' != *end_ptr) {
    if (puts("extra characters on input line\n") == EOF) {
      /* Handle error */
    }
  }
}

...

Although it is relatively rare for a violation of this recommendation to result in a security vulnerability, it can easily result in lost or misinterpreted data.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

INT05-C

medium

Medium

probable

Probable

high

High

P4

L3

Automated Detection

Tool

Version

Checker

Description

Fortify SCA

V. 5.0

 

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-INT05
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
MISC.NEGCHARNegative Character Value
Can detect violations of this recommendation with the CERT C Rule Pack.
Compass/ROSE

 

 



Can detect violations of this recommendation. In particular, it notes uses of the scanf() family of functions where on the type specifier is a floating-point or integer type

.

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5005
LDRA tool suite
Include Page
LDRA_V
LDRA_V
44 SEnhanced Enforcement
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-INT05-a

Avoid using unsafe string functions that do not check bounds
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

586

Fully supported

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

...

...

...

...

Integer coercion error

...


...

...

Numeric truncation error

...

Bibliography


...

Image Modified Image Modified Image Modified