According to the C Standard, subclause 7.21.3, paragraph 6 [ISO/IEC 9899:2011],
The address of the
FILEobject used to control a stream may be significant; a copy of aFILEobject need not serve in place of the original.
...
Using a copy of a FILE object in place of the original may result in a crash, which can be used in a denial-of-service attack.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO38-C | lowLow | probableProbable | mediumMedium | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Compass/ROSE | Can detect simple violations of this rule | ||||||||
| 591 S | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| CERT C++ Secure Coding Standard | FIO38-CPP. Do not use a copy of a FILE object for input and output |
| ISO/IEC TS 17961 (Draft) | Copying a FILE object [filecpy] |
Bibliography
| [ISO/IEC 9899:2011] | Subclause 7.21.3, "Files" |
...