C and C++ Binaries


BADFUNC.STDIO_H : Use of <stdio.h> Input/Output

Summary

A use of one of the following, declared in <stdio.h>, when defined as a function: clearerr(), ctermid(), cuserid(), fclose(), fdopen(), feof(), ferror(), fflush(), fgetc(), fgetpos(), fgets(), fileno(), flockfile(), fopen(), fprintf(), fputc(), fputs(), fread(), freopen(), fscanf(), fseek(), fseeko(), fsetpos(), ftell(), ftello(), ftrylockfile(), funlockfile(), fwrite(), getc(), getchar(), getc_unlocked(), getchar_unlocked(), getopt(), gets(), getw(), pclose(), perror(), popen(), printf(), putc(), putchar(), putc_unlocked(), putchar_unlocked(), puts(), putw(), remove(), rename(), rewind(), scanf(), setbuf(), setvbuf(), snprintf(), sprintf(), sscanf(), tempnam(), tmpfile(), tmpnam(), ungetc(), vfprintf(), vprintf(), vsnprintf(), vsprintf().

These functions are associated with unspecified, undefined, and implementation-defined behaviors.

If your libc implementation defines these as macros, uses will instead be reported as Use of <stdio.h> Input/Output Macro warnings.

This class is a strict superset of Leftover Debug Code.

 

Categories

Properties

Class Name: Use of <stdio.h> Input/Output
Significance: style
Mnemonic: BADFUNC.STDIO_H
Categories:
  MisraC2023: MisraC2023:21.6 The Standard Library input/output functions shall not be used
  Misra2012: Misra2012:21.6 The Standard Library input/output functions shall not be used
  Misra2004: Misra2004:20.9 The input/output library <stdio.h> shall not be used in production code
  AUTOSARC++14: AUTOSARC++14:A1-1-1 All code shall conform to ISO/IEC 14882:2014 - Programming Language C++ and shall not use deprecated features.
                AUTOSARC++14:M27-0-1 The stream input/output library <cstdio> shall not be used.
  MisraC++2008: MisraC++2008:27-0-1 The stream input/output library <cstdio> shall not be used.
  MisraC++2023: MisraC++2023:4.1.2 Deprecated features should not be used
                MisraC++2023:30.0.1 The C Library input/output functions shall not be used
  CWE: CWE:676 Use of Potentially Dangerous Function
       CWE:758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
  JSF++: JSF++:22 The input/output library <stdio.h> shall not be used.
Availability: Available for C and C++.
Enabling: Checks for this warning class are disabled by default. To enable them, add the following WARNING_FILTER rule to the project configuration file.
WARNING_FILTER += allow class="Use of <stdio.h> Input/Output"

Example

#include <stdio.h>

int get_answer(){
  int ans;
  ans = fgetc(stdin); /* Warning issued here:
                       * - 'Use of <stdio.h> Input/Output' if fgetc() implemented as a function
                       * - Use of <stdio.h> Input/Output Macro if fgetc() implemented as a macro
                       */
  if ((ans == (int)('Y')) || ans == (int)('y')){
    return 1;
  }
  return 0;
}       
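
The same yes/no check written without any function from the list in the Summary, as an added example that is not part of the original documentation. It assumes a POSIX target where read() from <unistd.h> is available and allowed by the project's coding standard; the names answer_from_fd(), get_answer_posix() and answer_for_bytes() are hypothetical, and the pipe-fed bytes are constructed sample input.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

/* Hypothetical helper: read one byte from fd without <stdio.h>.
 * Returns 1 for 'Y'/'y', 0 for any other byte or end of input,
 * and -1 on a read error, so the caller can tell "no" from failure. */
int answer_from_fd(int fd)
{
    unsigned char c;
    ssize_t n;

    do {
        n = read(fd, &c, 1);          /* retry if interrupted by a signal */
    } while (n < 0 && errno == EINTR);

    if (n <= 0) {
        return (n < 0) ? -1 : 0;      /* error, or end of input ("no") */
    }
    return (c == (unsigned char)'Y' || c == (unsigned char)'y') ? 1 : 0;
}

/* Counterpart of get_answer() above, reading standard input. */
int get_answer_posix(void)
{
    return answer_from_fd(STDIN_FILENO);
}

/* Constructed test input: feed `len` bytes through a pipe and return
 * what answer_from_fd() reports for them. Returns -2 if setup fails. */
int answer_for_bytes(const char *bytes, size_t len)
{
    int fds[2];
    int result;

    if (pipe(fds) != 0) {
        return -2;
    }
    if (len > 0 && write(fds[1], bytes, len) != (ssize_t)len) {
        close(fds[0]); close(fds[1]);
        return -2;
    }
    close(fds[1]);                    /* writer closed: reader sees EOF */
    result = answer_from_fd(fds[0]);
    close(fds[0]);
    return result;
}
```

Unlike the fgetc() version, a read failure is reported as -1 instead of being folded into the "no" result.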

Relevant Configuration File Parameters

This class is implemented using a BAD_FUNCTION_* rule set in the general template configuration file.

The following configuration file parameters affect checks for this warning class.