Use of the %a or %A conversion specifiers has unspecified behavior when used on non-normalized floating-point numbers.
A double argument representing a floating-point number is converted in the
style [-]0xh.hhhh p±d, where there is one hexadecimal digit (which is
nonzero if the argument is a normalized floating-point number and is
otherwise unspecified) before the decimal-point character
Relying on the %a and %A specifiers to not produce values with a leading zero is error-prone.
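An added illustration, not part of the original rule text: the sketch below consumes %a output portably by classifying the value numerically and parsing the text back with strtod(), rather than branching on the leading hexadecimal digit. The helper names and the sample values are constructed for this example.

```c
#include <float.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns the hex digit that "%a" places before the decimal point, or -1
 * if formatting fails or no "0x" prefix is present (inf/nan). For
 * non-normalized inputs the digit is unspecified: do not branch on it. */
int leading_hex_digit(double x) {
    char buf[64];
    int n = snprintf(buf, sizeof buf, "%a", x);
    if (n < 0 || (size_t)n >= sizeof buf) return -1;
    const char *p = strstr(buf, "0x");
    return p ? (unsigned char)p[2] : -1;
}

/* Portable classification: test the value itself, not its %a text. */
int is_subnormal(double x) {
    double mag = x < 0 ? -x : x;
    return mag != 0.0 && mag < DBL_MIN;
}

/* Portable consumer: let strtod() parse whatever form the library chose. */
int hex_roundtrips(double x) {
    char buf[64], *end;
    int n = snprintf(buf, sizeof buf, "%a", x);
    if (n < 0 || (size_t)n >= sizeof buf) return 0;
    double y = strtod(buf, &end);
    return *end == '\0' && y == x;
}

int main(void) {
    /* Constructed samples: two normalized values, the smallest normalized
     * double, one subnormal, and zero. */
    double samples[] = { 1.0, -6.5, DBL_MIN, DBL_MIN / 4.0, 0.0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double x = samples[i];
        printf("%-26a lead='%c' subnormal=%d roundtrip=%d\n", x,
               leading_hex_digit(x), is_subnormal(x), hex_roundtrips(x));
    }
    return 0;
}
```

For the subnormal sample, the printed leading digit may differ between C library implementations, while the subnormal and roundtrip columns stay the same.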
Noncompliant Code Example
TODO
TODO
Compliant Solution
TODO
TODO
Risk Assessment
TODO
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO17-C | — | — | — | --- | --- |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
TODO