SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 86

changes.mady.by.user Aaron Ballman

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Alternatively, input character data as a null-terminated byte string and convert to an integer value using strtol() or a related function. (See INT06ERR34-C. Use strtol() or a related function to convert a string token to an integerDetect errors when converting a string to a number.)

Noncompliant Code Example

...

Code Block
bgColor#FFcccc
langc
long num_long;

if (scanf("%ld", &num_long) != 1) {
  /* handleHandle error */
}

In general, do not use scanf() to parse integers or floating-point numbers from input strings because the input could contain numbers not representable by the argument type.

...

Code Block
bgColor#ccccff
langc
long num_long;
errno = 0;

if (scanf("%ld", &num_long) != 1) {
  /* handleHandle error */
}
else if (ERANGE == errno) {
  if (puts("number out of range\n") == EOF) {
      /* Handle error */
  }
}

...

Although it is relatively rare for a violation of this recommendation to result in a security vulnerability, it can easily result in lost or misinterpreted data.

Recommendation

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

INT05-C

medium

Medium

Probable

probable

Yes

high

No

P4

P8

L3

L2

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-INT05
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
MISC.NEGCHARNegative Character Value
Compass/ROSE

 

 



Can detect violations of this recommendation. In particular, it notes uses of the scanf() family of functions where on the type specifier is a floating-point or integer type

Fortify SCA

5.0

 

Can detect violations of this recommendation with the CERT C Rule Pack

PRQA QA-C Include PagePRQA_VPRQA_VWarncall for scanf etc

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5005
LDRA tool suite
Include Page
LDRA_V
LDRA_V
44 SEnhanced Enforcement
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-INT05-a

Avoid using unsafe string functions that do not check bounds
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

586

Fully supported

Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++
Secure
Coding StandardVOID INT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputs
MITRE CWECWE-192, Integer coercion error
CWE-197, Numeric truncation error

Bibliography

[Klein 2002]
 

[Linux 2008]scanf(3)

...


...

Image Modified Image Modified Image Modified