...
Also, consider using the sprintf_s() function defined in ISO/IEC TR 24731-1 instead of snprintf() to provide some additional checks (see STR07-A. Use TR 24731 for remediation of existing string manipulation code).
Exceptions
INT13-EX1: When used as bit flags, it is acceptable to use preprocessor macros as arguments to the & and | operators even if the value is not explicitly declared as unsigned. The POSIX open() flags are the usual example:

```c
/* O_WRONLY, O_CREAT, O_EXCL and O_TRUNC are declared in <fcntl.h> */
fd = open(file_name, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, 0600);
```
INT13-EX2: If the right-hand side operand to a shift operator is known at compile time, it is acceptable for the value to be represented with a signed type in the compiler, so long as it is positive. As with any shift, the count must also be smaller than the width of the promoted left operand; a constant that satisfies both conditions can be checked by inspection, which is why this exception applies only to compile-time values.

```c
#define SHIFT 24
unsigned int foo = 15u >> SHIFT;
```
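The following program, added here as an illustration and not part of the original CERT page, puts both exceptions beside the cases they do not cover: unsigned bit flags combined with & and |, a constant shift count on an unsigned operand, a signed shift of a negative value for contrast, and a run-time shift count that has to be range-checked because EX2 does not apply to it. The PERM_* flags, the function names and the sample values are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Hypothetical permission flags, declared as unsigned bit flags so that
 * the & and | operations below stay within the rule (compare INT13-EX1).
 */
#define PERM_READ  0x1u
#define PERM_WRITE 0x2u
#define PERM_EXEC  0x4u

/* INT13-EX2 style: the shift count is a compile-time constant, positive,
 * and smaller than the width of the (unsigned) left operand. */
#define SHIFT 24

/* Width of unsigned int in bits, used to bound run-time shift counts. */
#define UINT_BITS (sizeof(unsigned int) * CHAR_BIT)

/* Set and test bit flags; both operands are unsigned. */
unsigned int perm_set(unsigned int flags, unsigned int bit)
{
    return flags | bit;
}

bool perm_has(unsigned int flags, unsigned int bit)
{
    return (flags & bit) != 0;
}

/* Extract the byte above bit 24; assumes unsigned int is at least 32 bits wide. */
unsigned int byte_above_24(unsigned int v)
{
    return v >> SHIFT;
}

/*
 * Why the rule exists: ~0 is the signed int value -1, and right-shifting a
 * negative signed value is implementation-defined (commonly an arithmetic
 * shift that yields -1 again). The unsigned form always produces the low
 * four-bit mask 0xF, whatever the width of unsigned int.
 */
unsigned int low_nibble_mask_unsigned(void)
{
    return ~0u >> (UINT_BITS - 4);
}

int low_nibble_mask_signed(void)   /* implementation-defined; shown for contrast only */
{
    return ~0 >> (UINT_BITS - 4);
}

/*
 * When the shift count is only known at run time, EX2 does not apply: a
 * negative count, or one greater than or equal to the operand width, is
 * undefined behavior, so the count is validated before the shift.
 */
bool shift_count_ok(int count)
{
    return count >= 0 && (unsigned int)count < UINT_BITS;
}

/* Shift v right by count, or return fallback when count is out of range. */
unsigned int shift_right_or(unsigned int v, int count, unsigned int fallback)
{
    if (!shift_count_ok(count)) {
        return fallback;
    }
    return v >> (unsigned int)count;
}

int main(void)
{
    unsigned int p = perm_set(PERM_READ, PERM_WRITE);
    printf("has write: %d, has exec: %d\n", perm_has(p, PERM_WRITE), perm_has(p, PERM_EXEC));
    printf("byte above 24 of 0xAB000000: 0x%X\n", byte_above_24(0xAB000000u));
    printf("unsigned mask: 0x%X, signed mask: %d\n",
           low_nibble_mask_unsigned(), low_nibble_mask_signed());
    printf("checked shift of 1 by 40: %u (fallback used)\n", shift_right_or(1u, 40, 0u));
    return 0;
}
```

The contrast between low_nibble_mask_unsigned() and low_nibble_mask_signed() is the point of the rule: the unsigned expression has one portable value, while the signed one depends on whether the platform uses an arithmetic or logical right shift. shift_count_ok() is the check a run-time shift count needs because only constant counts qualify for EX2.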
Risk Assessment
Improper range checking can lead to buffer overflows and the execution of arbitrary code by an attacker.
...