SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 56

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 57

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This noncompliant code example appends data to a file and then reads from the same file.:

Code Block
bgColor#ffcccc
langc
char data[BUFFERSIZE];
char append_data[BUFFERSIZE];
char *file_name;
FILE *file;

/* Initialize file_name */

file = fopen(file_name, "a+");
if (file == NULL) {
  /* Handle error */
}

/* Initialize append_data */

if (fwrite(append_data, BUFFERSIZE, 1, file) != BUFFERSIZE) {
  /* Handle error */
}
if (fread(data, BUFFERSIZE, 1, file) != 0) {
  /* Handle there not being data */
}

fclose(file);

...

In this compliant solution, fseek() is called between the output and input, eliminating the undefined behavior.:

Code Block
bgColor#ccccff
langc
char data[BUFFERSIZE];
char append_data[BUFFERSIZE];
char *file_name;
FILE *file;

/* Initialize file_name */

file = fopen(file_name, "a+");
if (file == NULL) {
  /* Handle error */
}

/* Initialize append_data */

if (fwrite(append_data, BUFFERSIZE, 1, file) != BUFFERSIZE) {
  /* Handle error */
}

if (fseek(file, 0L, SEEK_SET) != 0) {
  /* Handle error */
}

if (fread(data, BUFFERSIZE, 1, file) != 0) {
  /* Handle there not being data */
}

fclose(file);

...

Tool

Version

Checker

Description

Compass/ROSE

  

Can detect simple violations of this rule.

Fortify SCA

5.0

 

Can detect violations of this rule with CERT C Rule Pack.

LDRA tool suite

Include Page
LDRA_V
LDRA_V

84 D

Fully implemented.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

[ISO/IEC 9899:2011]Section 7.21.5.3, "The fopen Function"

 

...