mirror of
https://github.com/github/codeql.git
synced 2026-04-05 15:18:20 +02:00
43 lines
1.4 KiB
XML
43 lines
1.4 KiB
XML
<!DOCTYPE qhelp PUBLIC
|
|
"-//Semmle//qhelp//EN"
|
|
"qhelp.dtd">
|
|
<qhelp>
|
|
|
|
|
|
<overview>
|
|
<p>
|
|
This query finds calls of <tt>scanf</tt>-like functions with
|
|
improper return-value checking.
|
|
</p>
|
|
<p>
|
|
Specifically, the query flags uses of scanf wehere the reurn value is checked
|
|
only against zero.
|
|
</p>
|
|
<p>
|
|
Functions in the <tt>scanf</tt> family return either EOF (a negative value)
|
|
in case of IO failure, or the number of items successfully read from the
|
|
input. Consequently, a simple check that the return value is nonzero
|
|
is not enough.
|
|
</p>
|
|
</overview>
|
|
|
|
<recommendation>
|
|
<p>
|
|
Ensure that all uses of <tt>scanf</tt> check the return value against the expected number of arguments
|
|
rather than just against zero
|
|
</p>
|
|
</recommendation>
|
|
|
|
<example>
|
|
<p>This example shows different ways of guarding a <tt>scanf</tt> output:
|
|
</p>
|
|
<sample src="IncorrectCheckScanf.cpp" />
|
|
</example>
|
|
|
|
<references>
|
|
<li>SEI CERT C++ Coding Standard: <a href="https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR62-CPP.+Detect+errors+when+converting+a+string+to+a+number">ERR62-CPP. Detect errors when converting a string to a number</a>.</li>
|
|
<li>SEI CERT C Coding Standard: <a href="https://wiki.sei.cmu.edu/confluence/display/c/ERR33-C.+Detect+and+handle+standard+library+errors">ERR33-C. Detect and handle standard library errors</a>.</li>
|
|
<li>cppreference.com: <a href="https://en.cppreference.com/w/c/io/fscanf">scanf, fscanf, sscanf, scanf_s, fscanf_s, sscanf_s</a>.</li>
|
|
</references>
|
|
</qhelp>
|