Use of atoi/atol/atof with no error handling or overflow checking

ID

c.miscellaneous.insecure_api_atoi_atol_atof

Severity

low

Resource

Miscellaneous

Language

C / C++

Description

The atoi(), atol(), atof(), and similar functions don’t handle errors. They don’t check for integer overflow and can return a negative value. They have undefined behavior if the value of the result cannot be represented. They return 0 (or 0.0) if the string does not represent an integer (or decimal), which is indistinguishable from a correctly formatted, zero-denoting input string.

Rationale

The following code illustrates a vulnerable pattern detected by this rule:

#include <stdlib.h>

int converter_bad(const char *numstr)
{
	// VULNERABLE: Use of atoi/atol/atof with no error handling or overflow checking
	return atoi(numstr);
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
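
A hardened counterpart to converter_bad() is shown here as an added example; it is not part of the rule's own documentation. It uses strtol() so that non-numeric input, trailing characters and out-of-range values are each reported instead of silently becoming 0 or undefined behavior. The name converter_good, the conv_status codes and the sample strings are assumptions of this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Status codes and function name are assumptions of this example. */
enum conv_status { CONV_OK = 0, CONV_NO_DIGITS, CONV_TRAILING, CONV_RANGE };

/*
 * Parse a base-10 int with strtol(). *out is written only on CONV_OK.
 * Like atoi(), strtol() skips leading whitespace and accepts a sign.
 */
enum conv_status converter_good(const char *numstr, int *out)
{
	char *end = NULL;
	long val;
	if (numstr == NULL || out == NULL)
		return CONV_NO_DIGITS;

	errno = 0;                      /* strtol() only sets errno on failure */
	val = strtol(numstr, &end, 10);

	if (end == numstr)
		return CONV_NO_DIGITS;  /* "", "abc": nothing was converted */
	if (errno == ERANGE || val < INT_MIN || val > INT_MAX)
		return CONV_RANGE;      /* does not fit in long, or in int */
	if (*end != '\0')
		return CONV_TRAILING;   /* "12abc": junk after the digits */

	*out = (int)val;
	return CONV_OK;
}

int main(void)
{
	/* Constructed sample inputs. */
	const char *samples[] = { "0", "abc", "", "-17", "12abc",
	                          "2147483648", "99999999999999999999" };
	size_t i;

	/* atoi() cannot tell these two apart: both yield 0. */
	printf("atoi(\"0\")=%d atoi(\"abc\")=%d\n", atoi("0"), atoi("abc"));
	for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
		int v = 0;
		enum conv_status st = converter_good(samples[i], &v);
		printf("%-22s status=%d value=%d\n", samples[i], (int)st, v);
	}
	return 0;
}
```

The same pattern applies to atol() and atof() with strtol()/strtoll() and strtod() respectively; callers should check the returned status before using the output value.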

Configuration

This detector does not need any configuration.