...
While it is relatively rare for a violation of this rule to result in a security vulnerability, it can easily result in lost or misinterpreted data.
...
Fortify SCA Version 5.0 with the CERT C Rule Pack can detect violations of this recommendation.
Compass/ROSE can detect violations of this recommendation by flagging invocations of the following functions:
...
[Klein 02]
[ISO/IEC 9899:1999] Section 7.20.1.4, "The `strtol`, `strtoll`, `strtoul`, and `strtoull` functions," Section 7.20.1.2, "The `atoi`, `atol`, and `atoll` functions," and Section 7.19.6.7, "The `sscanf` function"
...