CWE Rule 464
Description
The accidental addition of a data-structure sentinel can cause serious programming logic problems.
Polyspace Implementation
The rule checker checks for:
Unsafe conversion from string to numeric value
Input string not null-terminated
Examples
Unsafe Conversion from String to Numeric Value
This issue occurs when you perform conversions from strings to integer or floating-point values and your conversion method does not include robust error handling.
Converting a string to numerical value can cause data loss or misinterpretation. Without validation of the conversion or error handling, your program continues with invalid values.
To fix the issue, do one of the following:
Add additional checks to validate the numerical value.
Use a more robust string-to-numeric conversion function such as strtol, strtoll, strtoul, or strtoull.
Noncompliant: Conversion with atoi
In this example, argv1 is converted to an integer with atoi. atoi does not report errors for an invalid integer string, so the conversion can fail unexpectedly.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static int demo_check_string_not_empty(char *s)
{
if (s != NULL)
return strlen(s) > 0; /* check string null-terminated and not empty */
else
return 0;
}
int unsafestrtonumeric(char* argv1)
{
int s = 0;
if (demo_check_string_not_empty(argv1))
{
s = atoi(argv1); // Noncompliant
}
return s;
}
Correction: Use strtol Instead
One possible correction is to use strtol to validate the input string and the converted integer.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <errno.h>
static int demo_check_string_not_empty(char *s)
{
if (s != NULL)
return strlen(s) > 0; /* check string null-terminated and not empty */
else
return 0;
}
int unsafestrtonumeric(char *argv1)
{
char *c_str = argv1;
char *end;
long sl;
if (demo_check_string_not_empty(c_str))
{
errno = 0; /* set errno for error check */
sl = strtol(c_str, &end, 10);
if (end == c_str)
{
(void)fprintf(stderr, "%s: not a decimal number\n", c_str);
}
else if ('\0' != *end)
{
(void)fprintf(stderr, "%s: extra characters: %s\n", c_str, end);
}
else if ((LONG_MIN == sl || LONG_MAX == sl) && ERANGE == errno)
{
(void)fprintf(stderr, "%s out of range of type long\n", c_str);
}
else if (sl > INT_MAX)
{
(void)fprintf(stderr, "%ld greater than INT_MAX\n", sl);
}
else if (sl < INT_MIN)
{
(void)fprintf(stderr, "%ld less than INT_MIN\n", sl);
}
else
{
return (int)sl;
}
}
return 0;
}
Input String Not Null-Terminated
This issue occurs when both of these conditions are true:
You obtain a string from an input function that does not necessarily terminate the string with a null character.
You use the input string that does not have the terminating null character in places where a null-terminated string is expected.
For example, in this code, the constructor of std::string expects a string terminated by a null character, but str is not null-terminated.
char str[10];
scanf("%10c", str);
std::string S(str); //Null-terminated string expected
Functions in the C++ library assume that a valid string is terminated by a null character and apply this assumption in string algorithms. Using these functions and algorithms with a string that lacks a terminating null character results in undefined behavior.
The fix for this issue depends on the context:
You can fix this issue by terminating raw input strings with a null character. For example, this code declares str with 11 elements. After filling the first 10 elements with the raw input, assign the last element the value '\0'. After manually terminating the input string with a null character, you can use the input string with standard template library (STL) string functions without violating this rule.
char str[11];
scanf("%10c", str);
str[10] = '\0';
std::string S(str); //Valid string
Some C++ functions accept character pointers or substrings as input. These functions can correctly handle a raw character array without a terminating null character. For instance, this code constructs the std::string object S by using a nondefault constructor. This constructor allows the use of str, which lacks a terminating null character. Such uses do not violate this rule.
char str[10];
scanf("%10c", str);
std::string S(str, sizeof(str)); //Valid use of substring
Noncompliant: Input Read Without Terminating Null Character
In this example, the read function accepts an array of characters, which is then stored in the char array buffer. Because buffer does not have a terminating null character, using buffer with the function printf() results in undefined behavior. Polyspace reports a violation of this rule.
#include <iostream>
#include <string>
#include <fstream>
#include <cstdio>
void echo_instream(std::istream& instream) {
//...
char buffer[10];
instream.read(buffer,sizeof(buffer));
//...
printf("%s", buffer); //Noncompliant
//...
}
Correction: Add the Terminating Null Character
To fix this issue, manually add the terminating null character '\0' at the end of buffer.
#include <iostream>
#include <string>
#include <fstream>
#include <cstdio>
void echo_instream(std::istream& instream) {
//...
char buffer[10];
instream.read(buffer,sizeof(buffer)-1);
buffer[9] = '\0';
//...
printf("%s", buffer); //Compliant
//...
}
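The two checks of this rule, as an added example that is not Polyspace's or MathWorks' code: parse_int_strict returns the kind of failure that the strtol correction above only prints (so a caller can tell a parsed 0 from a failed conversion), and read_chunk applies both null-termination fixes using gcount(), so that a short read does not leave uninitialized bytes between the data and the terminator. The names parse_int_strict, read_chunk and read_text and the sample inputs are assumptions constructed for this example.

```cpp
#include <cerrno>
#include <climits>
#include <cstddef>
#include <cstdlib>
#include <istream>
#include <sstream>
#include <string>

// Strict string-to-int conversion: every failure comes back as a status instead
// of a message plus a return of 0, so "0" is distinguishable from "failed".
enum ParseStatus { PARSE_OK, PARSE_EMPTY, PARSE_NOT_NUMBER, PARSE_TRAILING, PARSE_OUT_OF_RANGE };

ParseStatus parse_int_strict(const char *s, int *out)
{
    if (s == nullptr || *s == '\0')
        return PARSE_EMPTY;
    char *end = nullptr;
    errno = 0;
    long v = std::strtol(s, &end, 10);  // strtol skips leading whitespace and accepts a sign
    if (end == s)
        return PARSE_NOT_NUMBER;        // no digits consumed, e.g. "abc"
    if (*end != '\0')
        return PARSE_TRAILING;          // digits followed by junk, e.g. "12abc"
    if (errno == ERANGE || v > INT_MAX || v < INT_MIN)
        return PARSE_OUT_OF_RANGE;      // overflowed long, or fits long but not int
    *out = static_cast<int>(v);
    return PARSE_OK;
}

// istream::read fills at most the requested bytes and never writes '\0'.
// gcount() reports how many bytes actually arrived, so a short read is safe too.
std::string read_chunk(std::istream &in, bool terminate_manually)
{
    char buffer[10];
    if (terminate_manually) {
        in.read(buffer, sizeof(buffer) - 1);                   // leave room for '\0'
        buffer[static_cast<std::size_t>(in.gcount())] = '\0';  // gcount() <= 9
        return std::string(buffer);                            // now a valid C string
    }
    in.read(buffer, sizeof(buffer));                           // may fill all 10 bytes
    return std::string(buffer, static_cast<std::size_t>(in.gcount()));  // length-bounded
}

// Wraps a constructed input text in a stream for the two read strategies (hypothetical helper).
std::string read_text(const char *text, bool terminate_manually)
{
    std::istringstream in(text);
    return read_chunk(in, terminate_manually);
}
```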
Check Information
Category: Data Neutralization Issues
PQL Name: std.cwe_native.R464
Version History
Introduced in R2026a