Unchecked Return Value of Scanf Functions
Description
The software does not check the return value of a scanf-family function. The return value is the only indication that input failed to match the format, so without it the program cannot detect the unexpected state and may go on to use a target variable that was never assigned.
Examples
Insecure Code
```c
scanf("%d", &x);   /* return value ignored: on failure x is left unassigned but used anyway */
```
Secure Code
```c
if (scanf("%d", &x) != 1) { handle_error(); }   /* 1 == one conversion succeeded; 0 or EOF means failure */
```
Remediation
Check the return value of every scanf-family call (the number of successfully assigned items, or EOF on input failure) against the number of conversions expected, and handle the failure before using any of the target variables.
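The following added example (not part of the rule page) shows the failure mode deterministically: the unchecked variant hands back a stale value when the input does not parse, while the checked variant reports the failure. It uses sscanf on a constructed string so it runs offline; the return-value contract is the same as for scanf and fscanf. The function names and the SENTINEL value are assumptions of this example.

```c
#include <stdio.h>

/* Constructed sentinel standing in for whatever garbage an uninitialized
 * variable would hold in real code (reading that is undefined behaviour). */
#define SENTINEL (-1)

/* Insecure pattern from the rule: the return value is discarded, so on a
 * parse failure the caller silently keeps the stale/unassigned value. */
int read_count_unchecked(const char *input) {
    int count = SENTINEL;
    sscanf(input, "%d", &count);    /* return value ignored */
    return count;                   /* may be stale on failure */
}

/* Secure pattern: anything other than exactly one successful conversion
 * (0 = no match, EOF = empty or failed input) is an error.
 * Returns 1 and writes *out on success; returns 0 and leaves *out untouched
 * otherwise, so a caller cannot accidentally consume an unset value. */
int read_count_checked(const char *input, int *out) {
    int count;
    if (sscanf(input, "%d", &count) != 1) {
        return 0;
    }
    *out = count;
    return 1;
}

/* Convenience wrapper: parsed value, or a caller-supplied fallback when the
 * checked parser rejects the input. */
int read_count_or(const char *input, int fallback) {
    int value;
    return read_count_checked(input, &value) ? value : fallback;
}

int main(void) {
    const char *bad = "abc";   /* constructed non-numeric input */
    printf("unchecked: %d\n", read_count_unchecked(bad));   /* stale sentinel */
    printf("checked:   %d\n", read_count_or(bad, 0));      /* explicit fallback */
    return 0;
}
```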
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0488 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-252 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | scanf, error handling |
| OWASP | N/A |
References
- https://cwe.mitre.org/data/definitions/252
- https://codeql.github.com/codeql-query-help/cpp/cpp-missing-check-scanf/