Possible integer overflow or underflow
Description
The `atoi` family of functions can potentially overflow or underflow integer values. Consider using `strtoul` instead.
Examples
Insecure Code
```c
int x = atoi(user_input);
```
Secure Code
```c
unsigned long x = strtoul(user_input, NULL, 10);
```
Remediation
Replace `atoi`, `atol`, `_wtoi`, `_wtoi64` with `strtoul` to prevent integer overflows or underflows.
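The replacement only prevents overflow if the result of `strtoul` is checked: with a `NULL` end pointer and no `errno` test, out-of-range and malformed input still go unnoticed. The following is an added example, not code from the rule itself; the helper name `parse_ulong`, its `max` parameter and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not part of the rule: parse base-10 untrusted text.
 * Returns 0 and stores the value in *out, or -1 if the input is rejected. */
int parse_ulong(const char *s, unsigned long max, unsigned long *out)
{
    char *end;
    unsigned long v;

    /* strtoul accepts leading whitespace and a sign, and "-1" wraps to
     * ULONG_MAX, so insist that the text starts with a digit. */
    if (s == NULL || out == NULL || !isdigit((unsigned char)*s))
        return -1;

    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno == ERANGE)   /* does not fit in unsigned long */
        return -1;
    if (*end != '\0')      /* trailing characters, e.g. "12abc" */
        return -1;
    if (v > max)           /* caller's own upper bound */
        return -1;

    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "42", "-1", "12abc", "99999999999999999999999999", "" };
    unsigned long v;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_ulong(samples[i], 65535, &v) == 0)
            printf("\"%s\" -> %lu\n", samples[i], v);
        else
            printf("\"%s\" rejected\n", samples[i]);
    }
    return 0;
}
```

Pass the largest value the destination type or buffer size can hold as `max`, so that a later narrowing cast cannot truncate the parsed value.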
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0594 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-190 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | integer overflow, underflow |
| OWASP | A1:2017-Injection, A03:2021-Injection |