[metadata]
id = "ERR07-C"
type = "recommendation"
category = "ERR"
number = 7
title = "Prefer functions that support error checking over equivalent functions that don't"
description = """
When you have a choice of two functions to accomplish the same task, prefer the
one with better error checking and reporting. The following table shows a list
of C standard library functions that provide limited or no error checking and
reporting along with preferable alternatives:
| Function | Preferable Alternative | Comments |
| --- | --- | --- |
| atof | strtod | No error indication, undefined behavior on error |
| atoi | strtol | No error indication, undefined behavior on error |
| atol | strtol | No error indication, undefined behavior on error |
| atoll | strtoll | No error indication, undefined behavior on error |
| rewind | fseek | No error indication, silent failure on error |
| setbuf | setvbuf | No error indication, silent failure on error |
| ctime | asctime/localtime | Undefined behavior if localtime fails |
"""
# Risk-assessment fields recorded for this recommendation.
# NOTE(review): no remediation-cost value is stored alongside severity and
# likelihood, so the priority below cannot be re-derived from this file alone;
# confirm it against the wiki page.
severity = "Medium"
likelihood = "Probable"
priority = "P12"
level = "L1"
# Provenance of the text above: the edition label and the date string
# recorded for the page.
cert_version = "2016 Edition (Wiki)"
last_modified = "Jul 24, 2025"
# Per-rule switch; the quoted-free key path is rules -> cert_c -> ERR07-C.
[rules.cert_c.ERR07-C]
enabled = true
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/ERR07-C.+Prefer+functions+that+support+error+checking+over+equivalent+functions+that+don%27t"
# NOTE(review): CWE-676 (use of potentially dangerous function) and CWE-20
# (improper input validation) match the description directly. The remaining
# entries are injection, untrusted-library and open-redirect weaknesses that
# are at most a downstream consequence of an unchecked conversion; confirm the
# list against the wiki's related-guidelines section before using it to
# classify findings on atoi/atof/rewind/setbuf/ctime call sites.
cwe = ["CWE-20", "CWE-79", "CWE-89", "CWE-91", "CWE-94", "CWE-114", "CWE-601", "CWE-676"]