...
Alternately inputting and outputting from a stream without an intervening flush or positioning call is undefined behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO39-C | Low | Likely | Medium | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||
|---|---|---|---|---|---|---|---|
| Astrée |
|
| Supported, but no explicit checker | |
| Compass/ROSE |
Can detect simple violations of this rule | |||||||||
| LDRA tool suite |
| 84 D | Fully implemented | ||||||
| R2017b | Alternating input and output from a stream without flush or positioning call | Undefined behavior for input or output stream operations |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C | FIO50-CPP. Do not alternately input and output from a file stream without an intervening positioning call | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961:2013 | Interleaving stream inputs and outputs without a flush or positioning call [ioileave] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-664 | 2017-07-10: CERT: Rule subset of CWE |
CERT-CWE Mapping Notes
Key here for mapping notes
...
This CWE is vague on what constitutes “improper control of a resource”. It could include any violation of an object’s method constraints (whether they are documented or not). Or it could be narrowly interpreted to mean object creation and object destruction (which are covered by other CWEs).
Bibliography
| [ISO/IEC 9899:2011] | 7.21.5.3, "The fopen Function" |
...
...