...
It is rare for a violation of this rule to result in a security vulnerability unless it occurs in security-sensitive code. However, violations of this rule can easily result in lost or misinterpreted data.
Rule | Severity | Likelihood |
|---|
Detectable | Repairable | Priority | Level |
|---|---|---|---|
ERR62-CPP | Medium | Unlikely | Yes |
No | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Axivion Bauhaus Suite |
| CertC++-ERR62 | |||||||
|
| Checked by clang-tidy; only identifies use of unsafe C Standard Library functions corresponding to ERR34-C | ||||||||
| CodeSonar |
| BADFUNC.ATOF | Use of atof | ||||||
| Helix QAC |
| C++3161 | |||||||
| Klocwork |
| CERT.ERR.CONV.STR_TO_NUM | |||||||
| Parasoft C/C++test |
| CERT_CPP-ERR62-a | The 'atof', 'atoi', 'atol' and 'atoll' functions from the 'stdlib.h' or 'cstdlib' library should not be used | ||||||
| Polyspace Bug Finder |
| CERT C++: ERR62-CPP | Checks for unvalidated string-to-number conversion (rule fully covered) |
Related Vulnerabilities
Search for other vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C Coding Standard | |
| MITRE CWE | CWE-676, Use of potentially dangerous function CWE-20, Insufficient input validation |
Bibliography
| [ISO/IEC 9899:1999] | Subclause 7.22.1, "Numeric conversion functions" Subclause 7.21.6, "Formatted input/output functions" |
| [ISO/IEC 14882-2014] | Subclause 22.4.2.1.1, "num_get members" |
...
...