This issue has been automatically converted from the original issue lists and some formatting may not have been preserved.
Authors: WG14, Clive Pygott
Date: 2016-03-01
Reference document: N2006
Submitted against: C Secure Coding Rules TS 17961:2013
Status: Fixed
Fixed in: C Secure Coding Rules TS 17961:202y
Converted from: n2150.htm
This suggestion comes from MISRA, as they are adding support for 17961 to their rules.
Rule 5.40 names a number of functions that can attempt to write beyond the bounds of the target array, if supplied with tainted input, namely: fscanf, scanf, vfscanf, vscanf, sscanf, vsscanf and sprintf.
The observation is that vsprintf should be included in this list. Also the _s versions of all the above (including vsprintf_s) should be included, as they also can write beyond the end of the target array.
It is suggested that this is a defect rather than an enhancement, as from the rationale for the rule, they should have been included when drafted.
Comment from WG14 on 2017-04-07:
Apr 2016 meeting
The committee agrees with the author.
To 5.40 Rule section first sentence change:
"Calls to the fscanf, scanf, vfscanf, and vsscanf functions that pass..."
to
"Calls to the fscanf, scanf, vfscanf, and vsscanf functions, and their Annex K counterparts fscanf_s, scanf_s, vfscanf_s, and vsscanf_s, that pass..."
To 5.40 Rule section second sentence change:
"Calls to the sscanf and vsscanf functions"
to
"Calls to the sscanf, vsscanf, sscanf_s, and vsscanf_s functions"
To 5.40 Rule section third sentence change:
"Calls to the sprintf function that"
to
"Calls to the sprintf, vsprintf, sprintf_s, and vsprintf_s functions that"