Secure coding and formatted input
Memloop posted a link to an article on secure coding in C that recommended that one "use strtol() or a related function to convert a string token to an integer". Reading the C++ version of that article, I see that formatted input with operator>> is criticised as it "has undefined behavior if the value of the result of this operation cannot be represented as an integer". Is this true?
Empirical evidence with the MinGW port of g++ 3.4.5 and MSVC9 shows that formatted input with operator>> is able to detect overflow when reading to an integer variable, but such evidence is insufficient when contemplating undefined behaviour.
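The two conversions discussed above, side by side, as an added example that is not part of the original post or of the article it cites. The names `ParseStatus`, `parse_int_strtol` and `parse_int_stream` are hypothetical, and the stream version assumes a C++11 or later standard library, where an out-of-range read sets `failbit` and stores the nearest representable value.

```cpp
#include <cerrno>
#include <climits>
#include <cstdlib>
#include <iostream>
#include <sstream>
#include <string>

enum ParseStatus { PARSE_OK, PARSE_NOT_A_NUMBER, PARSE_TRAILING_JUNK, PARSE_OUT_OF_RANGE };

// strtol route: every failure path has to be checked by hand.
ParseStatus parse_int_strtol(const std::string& token, int& out) {
    const char* begin = token.c_str();
    char* end = 0;
    errno = 0;                                  // strtol sets errno but never clears it
    long value = std::strtol(begin, &end, 10);
    if (end == begin) return PARSE_NOT_A_NUMBER;                  // no digits consumed
    if (end != begin + token.size()) return PARSE_TRAILING_JUNK;  // also catches embedded NUL
    if (errno == ERANGE) return PARSE_OUT_OF_RANGE;               // does not fit in long
    if (value < INT_MIN || value > INT_MAX)                       // fits long but not int
        return PARSE_OUT_OF_RANGE;                                // (only where long is wider)
    out = static_cast<int>(value);
    return PARSE_OK;
}

// operator>> route: failure is reported through the stream state.
// Assumption (C++11 and later): on failure the target is 0 when no number
// was parsed, and INT_MAX or INT_MIN when the number was out of range.
ParseStatus parse_int_stream(const std::string& token, int& out) {
    std::istringstream in(token);
    int value = 0;
    if (!(in >> value))
        return value != 0 ? PARSE_OUT_OF_RANGE : PARSE_NOT_A_NUMBER;
    if (!in.eof()) return PARSE_TRAILING_JUNK;  // characters left after the number
    out = value;
    return PARSE_OK;
}

int main() {
    // Constructed sample tokens, not taken from the post.
    const char* samples[] = { "12345", "-42", "2147483648",
                              "99999999999999999999", "12abc", "abc", "" };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
        int a = 0, b = 0;
        std::cout << '"' << samples[i] << "\" strtol=" << parse_int_strtol(samples[i], a)
                  << " stream=" << parse_int_stream(samples[i], b) << '\n';
    }
    return 0;
}
```

Neither function writes to `out` unless it returns `PARSE_OK`, so a caller that ignores the status never receives a clamped or partial value.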