...
Automated Detection
Compass/ROSE can easily identify two instances of the ungetc() function inside a function. Determining if one instance of ungetc() being invoked twice is better handled by dynamic analysisdetect simple violations of this recommendation. In particular, it warns when two calls to ungetc() on the same stream are not interspersed with a file positioning or file read function. It is unable to handle cases where ungetc() is called from inside a loop.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...