 
                            ...
This compliant solution uses strtol() to convert a string token to an integer and ensures that the value is in the range of int.
| Code Block | ||
|---|---|---|
| 
 | ||
| long sl; int si; char *end_ptr; int main(int argc, char *argv[]) { if (argc > 1) { < 2) return EXIT_SUCCESS; const char* const str = argv[1]; char *end; int si; errno = 0; const long sl = strtol(argv[1]str, &end_ptr, 10); if ((slend == LONG_MIN || sl == LONG_MAX) && errno != 0str) { fprintf(stderr, "%s: not a decimal number\n", str); } else if ('\0' != *end) { perrorfprintf("strtol error"stderr, "%s: extra characters at end of input: %s\n", str, end); } else if (end(LONG_ptrMIN == argv[1]) { if (puts("error encountered during conversion")sl || LONG_MAX == sl) && ERANGE == EOFerrno) { fprintf(stderr, "%s /*out Handleof errorrange */ of type }long\n", str); } else if (sl > INT_MAX) { printffprintf(stderr, "%ld too large!greater than INT_MAX\n", sl); } else if (sl < INT_MIN) { printffprintf(stderr, "%ld less too small!than INT_MIN\n", sl); } else if ('\0' != *end_ptr) { if (puts("extra characters on input line\n") == EOF) { si = (int)sl; /* Handleprocess errorsi */ return }EXIT_SUCCESS; } else { si = (int)sl; }return EXIT_FAILURE; } | 
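Review bot: The early exit `if (argc < 2) return EXIT_SUCCESS;` reports success although nothing was converted, so a caller that relies on the exit status cannot tell a validated integer from missing input. As far as the interleaved old/new text on this line can be read, every other rejected input falls through to `return EXIT_FAILURE;`, so `if (argc < 2) return EXIT_FAILURE;` would be consistent with them. A comment above the strtol() call would also help, for example `/* strtol() skips leading white space and accepts an optional sign; reject those beforehand if the token must be digits only */`. The `end == str` and `'\0' != *end` checks do not catch such input, and a reader may otherwise take this example as strict validation.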
Risk Assessment
While it is rare for a violation of this recommendation to result in a security vulnerability, it can easily result in lost or misinterpreted data.
...