MISRA C++:2008 Rule 27-0-1

The stream input/output library <cstdio> shall not be used

Description

The stream input/output library <cstdio> shall not be used.¹

Functions in cstdio such as gets(), fgetpos(), fopen(), ftell(), etc. have unspecified, undefined and implementation-defined behavior.

For instance:

The gets() function:
```
char * gets ( char * buf );
```
does not check if the number of characters provided at the standard input exceeds the buffer buf. The function can have unexpected behavior when the input exceeds the buffer.
The fopen function has implementation-specific behavior related to whether it sets errno on errors or whether it accepts additional characters following the standard mode specifiers.

Polyspace^® reports a violation of this rule if you use the functions declared in <cstdio>. Polyspace detects the use of these cstdio functions:

File operation functions such as remove() and rename().
File access functions such as fclose(),fflush(), and fopen().
Formatted input/output functions such as fprintf(), fscanf(), printf(), and scanf().
Character input output functions such as fgetc(), fgets(), fputc(), and getc().
Direct input/output functions such as fread() and fwrite().
File positioning functions such as fgetpos() and fsetpos().
Error handling functions such as clearerr(), ferror(), and perror().

If you expect a rule violation but Polyspace does not report it, see Diagnose Why Coding Standard Violations Do Not Appear as Expected.

#include <cstdio>

void func()
{
    char array[10];
    fgets(array, sizeof array, stdin); //Noncompliant
}

The use of fgets() violates this rule.

Group: Input/output Library

Category: Required

Introduced in R2013b