Add atoi() and atol(). It's a little lame, but at least it's there.

git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@14 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 23:20:49 +00:00 · 2007-01-16 23:20:49 +00:00 · 1331cd7aae
parent ec80c6eacd
commit 1331cd7aae
3 changed files with 10 additions and 2 deletions
--- a/correct-results.html
+++ b/correct-results.html
@ -11,7 +11,7 @@
 Here are the security scan results from
 <a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.27</a>,
 (C) 2001-2004 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
-Number of dangerous functions in C/C++ ruleset: 158
+Number of dangerous functions in C/C++ ruleset: 160
 <p>
 Examining test.c <br>
 Examining test2.c <br>
--- a/correct-results.txt
+++ b/correct-results.txt
@ -1,5 +1,5 @@
 Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler.
-Number of dangerous functions in C/C++ ruleset: 158
+Number of dangerous functions in C/C++ ruleset: 160
 Examining test.c
 Examining test2.c
 test.c:32:  [5] (buffer) gets:
--- a/8
+++ b/8
@ -971,6 +971,14 @@ c_ruleset = {
        "or embedded spaces could allow an attacker to force a different program to run",
      "shell", "", {'check_for_null' : 1}),

+  "atoi|atol":
+     (normal, 2,
+      "Unless checked, the resulting number can exceed the expected range",
+      " If source untrusted, check both minimum and maximum, even if the" +
+      " input had no minus sign (large numbers can roll over into negative" +
+      " number; consider saving to an unsigned value if that is intended)",
+      "integer", "dangers-c", {}),
+
  # Random values.  Don't trigger on "initstate", it's too common a term.
  "drand48|erand48|jrand48|lcong48|lrand48|mrand48|nrand48|random|seed48|setstate|srand|strfry|srandom":
     (normal, 3,