SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 17

changes.mady.by.user Osona Steave

Saved on

compared with

New Version 18

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Formatted input functions such as scanf(), fscanf(), vscanf(), and vfscanf() can be used to read string data from stdin or (in the cases of fscanf() and vfscanf()) other input stream. These functions work fine for valid integer values but lack robust error handling for invalid values.

Wiki Markup
Instead of these functions, try inputing the value as a string and then converting it to an integer value using {{strtol()}} or a related function \[[INT06-A|INT06-A. Use strtol() to convert a string token to an integer]\].

Include Page
c:INT05 NCCE
c:INT05 NCCE
Include Page
c:INT05 CS
c:INT05 CS

Risk Assessment

While it is relativley rare for a violation of this rule to result in a security vulnerability, it could more easily result in loss or misinterpreted data.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

INT05-A

1 (low)

2 (low)

2 (medium)

P2

L3

References

Wiki Markup
\[[Klein 02|AA. C References#Klein 02]]
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]] Section 7.20.1.4, "The strtol, strtoll, strtoul, and strtoull functions," and Section 7.19.6, "Formatted input/output functions"