Page History

...

Do not need to set errno on an error.
Have undefined behavior if the value of the result cannot be represented. (See undefined behavior 119118 of Annex J of the C Standard.)
Return 0 if the string does not represent an integer (which is indistinguishable from a correctly formatted, zero-denoting input string), but the C Standard only specifies the behavior of these functions on success.

...

Recommendation	Severity	Likelihood	Detectable	Remediation CostRepairable	Priority	Level
ERR07-C	Medium	Probable	Yes	YesMedium	P8P12	L2L1

Automated Detection

This rule in general cannot be detected, although various examples can be detected by simply scanning for functions that have equivalent functions with better error handling.

The library functions atof, atoi and atol from library stdlib.h shall not be used

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

bad-function

Fully checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-ERR07

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C5046

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

44 S, 593 S, 594 S

Partially implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-ERR07-a

CERT_C-ERR07-b

The 'atof', 'atoi', 'atol' and 'atoll' functions from the 'stdlib.h' or 'cstdlib' library should not be used
The library functions 'rewind', 'setbuf' and 'ctime' should not be used

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

586

Fully supported

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

bad-function

Fully checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Space shortcuts

Page tree

Versions Compared

Old Version 40

New Version Current

Key

Automated Detection

Related Vulnerabilities