Page History

The C99 {{fopen()}} function is used to open an existing file or create a new one \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\]. However, {{fopen()}} does not indicate if an existing file has been opened for writing or a new file has been created. This may lead to a program overwriting or accessing an unintended file.

The ISO/IEC TR 24731-1 {{fopen_s()}} function is designed to improve the security of the {{fopen()}} function \[[ISO/IEC TR 24731-1:2007|AA. C References#SO/IEC TR 24731-1-2007]\]. However, like {{fopen()}}, {{fopen_s()}} provides no mechanism to determine if an existing file has been opened for writing or a new file has been created.

The {{open()}} function, as defined in the Open Group Base Specifications Issue 6 \[[Open Group 04|AA. C References#Open Group 04]\], is available on many platforms and provides finer control than {{fopen()}}.  In particular, {{fopen()}} accepts the {{O_CREAT}} and {{O_EXCL}} flags.  When used together, these flags instruct the {{open()}} function to fail if the file specified by {{file_name}} already exists.

Section 12.3 of the GNU C Library says: \[[Loosemore 07|AA. C References#Loosemore 07]\]

For code that operates on {{FILE}} pointers and not file descriptors, the POSIX {{fdopen()}} function can be used to associate an open stream with the file descriptor returned by {{open()}}, as shown in this compliant solution \[[Open Group 04|AA. C References#Open Group 04]\].