Page History

...

This compliant solution declares c wc to be a wint_t to match the integer type returned by getwc(). Furthermore, it does not rely on WEOF to determine end-of-file definitively.

...

Incorrectly assuming characters from a file cannot match EOF or WEOF has resulted in significant vulnerabilities, including command injection attacks. (See the *CA-1996-22 advisory.)

Rule	Severity	Likelihood	Detectable	Remediation Cost Repairable	Priority	Level
FIO34-C	High	Probable	Yes	MediumYes	P12P18	L1

Automated Detection

Avoid implicit conversions from wider to narrower types

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

conversion_overflow

essential-type-assign

Soundly supported

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-FIO34

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.CAST.COERCE

Coercion alters value

Compass/ROSE

Coverity

Include Page

	Coverity_V
	Coverity_V

CHAR_IO

Identifies defects when the return value of fgetc(), getc(), or getchar() is incorrectly assigned to a char instead of an int. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary

Cppcheck Premium

Include Page

	Cppcheck Premium_V
	Cppcheck Premium_V

premium-cert-fio34-c

ECLAIR

1.2

CC2.FIO34

Partially implemented

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C2676, C2678

C++2676, C++2678, C++3001, C++3010, C++3051, C++3137, C++3717

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

CWARN.CMPCHR.EOF

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

662 S

Fully implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-FIO34-a

The macro EOF should be compared with the unmodified return value from the Standard Library function

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rule FIO34-C

Checks for character values absorbed into EOF (rule partially covered)

PRQA QA-C

Include Page

PRQA QA-C_v PRQA QA-C_v 2676, 2678 PRQA QA-C++

Include Page

cplusplus:PRQA QA-C++_V cplusplus:PRQA QA-C++_V

Splint

3.1.1

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

essential-type-assign

Supported

2676, 2678, 3001, 3010, 3051, 3137, 3717

Splint

3.1.1

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy	Taxonomy item	Relationship
CERT C Secure Coding Standard	STR00-C. Represent characters using an appropriate type	Prior to 2018-01-12: CERT: Unspecified Relationship
CERT C Secure Coding Standard	INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data	Prior to 2018-01-12: CERT: Unspecified Relationship
CERT Oracle Secure Coding Standard for Java	FIO08-J. Use an int to capture the return value of methods that read a character or byte	Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013	Using character values that are indistinguishable from EOF [chreof]	Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11	CWE-197	2017-06-14: CERT: Rule subset of CWE

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-197 and FIO34-C

Independent( FLP34-C, INT31-C) FIO34-C = Subset( INT31-C)

Therefore: FIO34-C = Subset( CWE-197)

Bibliography

[Kettlewell 2002]	Section 1.2, "<`stdio.h`> and Character Types"
[NIST 2006]	SAMATE Reference Dataset Test Case ID 000-000-088
[Summit 2005]	Question 12.2

Space shortcuts

Page tree

Versions Compared

Old Version 50

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

CERT-CWE Mapping Notes

CWE-197 and FIO34-C

Bibliography