...

| Tool | Version | Checker | Description |
|---|---|---|---|
| Fortify SCA | V. 5.0 | | Can detect violations of this recommendation with the CERT C Rule Pack. |
| Compass/ROSE | | | Can detect violations of this recommendation by flagging invocations of the following functions: atoi(); scanf(), fscanf(), sscanf(); others? |
| LDRA tool suite | | 44 S | Fully implemented. |
| PRQA QA-C | | Warncall -wc atoi, -wc atol | Partially implemented. |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

...

...

Use of potentially dangerous function

...

...

Insufficient input validation

...

Bibliography

[ISO/IEC 9899:2011] Section 7.22.1.4, "The strtol, strtoll, strtoul, and strtoull Functions," section 7.22.1.2, "The atoi, atol, and atoll Functions," and section 7.21.6.7, "The sscanf Function"
[Klein 2002]