Section 7.21.5.3 of C11 places the following restrictions on update streams [ISO/IEC 9899:2011]:

When a file is opened with update mode both input and output may be performed on the associated stream. However, output shall not be directly followed by input without an intervening call to the fflush function or to a file positioning function (fseek, fsetpos, or rewind), and input shall not be directly followed by output without an intervening call to a file positioning function, unless the input operation encounters end-of-file. Opening (or creating) a text file with update mode may instead open (or create) a binary stream in some implementations.

...

(See also undefined behavior 151 in Annex J of C11.) Consequently, a call to fseek(), fflush(), or fsetpos() is necessary between input and output to the same stream. (See recommendation FIO07-C. Prefer fseek() to rewind().)
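The restriction applied to a small read-modify-write on an update stream, as an added example that is not code from the original page. The file layout (`count=NNNN`), the file name, and the helper names `make_sample` and `bump_counter` are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed sample input: a one-line file holding "count=0007". */
int make_sample(const char *path) {
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    int ok = (fputs("count=0007\n", fp) != EOF);
    return (fclose(fp) == 0 && ok) ? 0 : -1;
}

/* Read the counter, overwrite it in place with value + 1, then read it
 * back from the same stream. Returns the value read back, or -1 on error. */
int bump_counter(const char *path) {
    int value = 0;
    int check = -1;
    FILE *fp = fopen(path, "r+");            /* update mode: input and output */
    if (fp == NULL) return -1;

    /* Input. */
    if (fscanf(fp, "count=%4d", &value) != 1 || value < 0) goto done;

    /* Input followed by output: a file positioning call must intervene. */
    if (fseek(fp, 0L, SEEK_SET) != 0) goto done;
    if (fprintf(fp, "count=%04d", (value + 1) % 10000) < 0) goto done;

    /* Output followed by input: fflush() or a positioning call must
     * intervene. fseek() is used because the read starts at offset 0. */
    if (fseek(fp, 0L, SEEK_SET) != 0) goto done;
    if (fscanf(fp, "count=%4d", &check) != 1) check = -1;

done:
    if (fclose(fp) != 0) check = -1;
    return check;
}

int main(void) {
    const char *path = "fio39_demo.txt";     /* hypothetical file name */
    if (make_sample(path) != 0) return 1;
    printf("counter is now %d\n", bump_counter(path));
    remove(path);
    return 0;
}
```

Removing either fseek() call leaves a program that may appear to work on one implementation and corrupt or misread the file on another, which is why the return value of each positioning call is checked as well.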

...

| Tool | Version | Checker | Description |
|---|---|---|---|
| Fortify SCA | V. 5.0 | | Can detect violations of this rule with CERT C Rule Pack. |
| Compass/ROSE | | | Can detect simple violations of this rule. |
| LDRA tool suite | | 84 D | Fully implemented. |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C++ Secure Coding Standard: FIO39-CPP. Do not alternately input and output from a stream without an intervening flush or positioning call

ISO/IEC 9899:2011 Section 7.21.5.3, "The fopen function"

ISO/IEC TR 17961 (Draft) Interleaving stream inputs and outputs without a flush or positioning call [ioileave]

Bibliography

...