(Do not read in from a stream directly following output to that stream)
Receiving input from a stream directly following an output to that stream without an intervening call to fflush()
, fseek()
, fsetpos()
, or rewind()
results in undefined behavior. Therefore, a call to one of these functions is necessary in between input and output to the same update stream.
Non-Compliant Code Example
In this non-compliant code example, a device is opened for updating, data are sent to it, and then the response is read back.
Code Block | ||
---|---|---|
| ||
/* some device used for both input and output */
char const *filename = "/dev/device2";
FILE *ptr = fopen(filename, "rb+");
/* write to ptr's stream */
/* read response from ptr's stream */
|
However, the output buffer is not flushed before receiving input back from the stream, so the data may not have actually been sent, resulting in unexpected behavior.
Compliant Solution
In the compliant solution, fflush()
is called in between the output and input.
Code Block | ||
---|---|---|
| ||
/* some device used for both input and output */
char const *filename = "/dev/device2";
FILE *ptr = fopen(filename, "rb+");
/* write to ptr's stream */
fflush(ptr);
/* read response from ptr's stream */
|
This ensures that all data has been cleared from the buffer before continuing.
Risk Assessment
Failing to flush the output buffer may result in data not being sent over the stream, causing unexpected program behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO39-C | 1 (low) | 2 (probable) | 2 (medium) | P4 | L3 |
References
Wiki Markup |
---|
\[[ISO/IEC 9899-1999:TC2|AA. C References#ISO/IEC 9899-1999TC2]\] Section 7.9.15.3, "The {{fopen}} function" |