Use of the %a or %A conversion specifiers has unspecified behavior when used on non-normalized floating-point numbers.

A double argument representing a floating-point number is converted in the
style ?0xh.hhhh p±d, where there is one hexadecimal digit (which is
nonzero if the argument is a normalized floating-point number and is
otherwise unspecified) before the decimal-point character

Relying on the %a and %A specifiers to not produce values with a leading zero is error prone.

Noncompliant Code Example

TODO

 TODO

Compliant Solution

TODO

 TODO

Risk Assessment

TODO

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO17-C

---

---

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

TODO