gitlab.flawfinder.atoi-1.atol-1._wtoi-1._wtoi64-1

137
Download Count*
MIT
License

The atoi family of functions can potentially overflow or underflow integer values. Consider using stroul instead.

For more information please see: https://wiki.sei.cmu.edu/confluence/display/c/ERR34-C.+Detect+errors+when+converting+a+string+to+a+number

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: flawfinder.atoi-1.atol-1._wtoi-1._wtoi64-1
    languages:
      - c
    message: >
      The `atoi` family of functions can potentially overflow or underflow
      integer values. Consider

      using `stroul` instead.


      For more information please see:

      https://wiki.sei.cmu.edu/confluence/display/c/ERR34-C.+Detect+errors+when+converting+a+string+to+a+number
    metadata:
      shortDescription: Possible integer overflow or underflow
      cwe: CWE-190
      owasp: A1:2017-Injection
      primary_identifier: flawfinder.atoi-1.atol-1._wtoi-1._wtoi64-1
      secondary_identifiers:
        - name: Flawfinder - atoi
          type: flawfinder_func_name
          value: atoi
        - name: Flawfinder - atol
          type: flawfinder_func_name
          value: atol
        - name: Flawfinder - _wtoi
          type: flawfinder_func_name
          value: _wtoi
        - name: Flawfinder - _wtoi64
          type: flawfinder_func_name
          value: _wtoi64
      license: MIT
      vulnerability_class:
        - Other
    pattern-either:
      - pattern: atoi(...)
      - pattern: atol(...)
      - pattern: _wtoi(...)
      - pattern: _wtoi64(...)
    severity: INFO