CERT.ERR.CONV.STR_TO_NUM
Detect errors when converting a string to a number.
When calling a formatted input stream function like istream::operator>>(), information about conversion errors is queried through the basic_ios::good(), basic_ios::bad(), and basic_ios::fail() inherited member functions or through exception handling if it is enabled on the stream object.
Vulnerability and risk
The process of parsing an integer or floating-point number from a string can produce many errors. The string might not contain a number. It might contain a number of the correct type that is out of range (such as an integer that is larger than INT_MAX). The string may also contain extra information after the number, which may or may not be useful after the conversion.
Mitigation and prevention
Always explicitly check the error state of a conversion from string to a numeric value (or handle the related exception, if applicable) instead of assuming the conversion results in a valid value.
Example
1 #include <iostream>
2 using namespace std;
3 void f1() {
4 int i, j;
5 std::cin >> i >> j; //uncompliant code
6 cin >>i>>j; //uncompliant code
7 // ...
8 }
9
10 void f2() {
11 int i, j;
12
13 std::cin.exceptions(std::istream::failbit | std::istream::badbit);
14 try { // Use try catch to process exceptions. It is compliant.
15 std::cin >> i >> j;
16 // ...
17 } catch (std::istream::failure &E) {
18 // Handle error
19 }
20 }
21
22 void f3() {
23 int i;
24 std::cin >> i;
25 if (i>0 && std::cin.fail()) {
26 // Handle failure to convert the value. It is compliant.
27 std::cin.clear();
28 std::cin.ignore(std::numeric_limits<std::streamsize>::max(), ' ');
29 }
30
31 int j;
32 std::cin >> j;
33 if (cin.fail()) {
34 std::cin.clear();
35 std::cin.ignore(std::numeric_limits<std::streamsize>::max(), ' ');
36 }
37
38 // ...
39 }
