sqc 0.4.13

Software Code Quality - CERT C compliance checker
# Identity of the CERT C guideline this file describes.
# `category` and `number` repeat the two halves of `id` ("INT" + 15), so all
# three must be changed together if this file is copied for another guideline.
[metadata]
id = "INT15-C"
# CERT C distinguishes rules from recommendations; this entry is a recommendation.
type = "recommendation"
category = "INT"
number = 15
title = "Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types"
description = """
Few programmers consider the issues around formatted I/O and type definitions. A
programmer-defined integer type might be any type supported by
the implementation, even a type larger than unsigned long long. For example, given
an implementation that supports 128-bit unsigned integers and provides
a uint_fast128_t type, a programmer may define the following type: typedef
uint_fast128_t mytypedef_t; Furthermore, the definition of programmer-defined
types may change, which creates a problem when these types are used with
formatted output functions, such as printf(), and formatted input functions, such
as scanf(). (See FIO47-C. Use valid format strings.)
"""
# CERT risk assessment for this guideline. In the CERT scheme, priority is the
# product of severity, likelihood and remediation cost (each scored 1-3), and
# the level follows from the priority band (P6-P9 maps to L2).
# Why the impact is rated at all: a conversion specifier that does not match
# the typedef's real width is undefined behaviour in printf-family calls, and
# in scanf-family calls it can store through a pointer to an object of a
# different size.
# NOTE(review): this table has no remediation-cost key. High (3) x Unlikely (1)
# gives 3, so P6 implies a remediation cost of Medium (2) - confirm against the
# wiki page before relying on `priority` for triage ordering.
severity = "High"
likelihood = "Unlikely"
priority = "P6"
level = "L2"
# Provenance of the guideline text. `last_modified` is a free-form string, not
# a TOML date; presumably the wiki page's last-modified stamp - confirm.
cert_version = "2016 Edition (Wiki)"
last_modified = "May 20, 2025"

# Per-rule switch, keyed by the same guideline id as `metadata.id`.
# NOTE(review): presumably `enabled = true` turns the INT15-C check on by
# default; how sqc reads this table is not visible in this file - confirm
# against the loader.
[rules.cert_c.INT15-C]
enabled = true

# External sources for this guideline.
# `wiki` is the SEI CERT C wiki page for INT15-C; `cwe` lists related CWE ids
# (CWE-681 is "Incorrect Conversion between Numeric Types").
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/INT15-C.+Use+intmax_t+or+uintmax_t+for+formatted+IO+on+programmer-defined+integer+types"
cwe = ["CWE-681"]