MISRAC2012-Dir-4.14_a
In this section:
Synopsis
(Required) The validity of values received from external sources shall be checked.
Enabled by default
Yes
Severity/Certainty
Medium/Medium
Full description
User input used as an argument to printf without validation.
Coding standards
- MISRA C:2012 Dir-4.14
(Required) The validity of values received from external sources shall be checked
Code examples
The following code example fails the check and will give a warning:
#include <stdio.h>
void example (void) {
char input [256];
scanf ("%s", input);
printf ("%s", input);
}
The following code example passes the check and will not give a warning about this issue:
#include <stdio.h>
void example (void) {
char input[256];
scanf ("%s", input);
if (input[256] == '\0') {
printf ("%s", input);
}
}