SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 74

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 75

changes.mady.by.user Unknown User (lflynn)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

CERT CSEI CERT C++ Coding StandardFIO50-CPP. Do not alternately input and output from a file stream without an intervening positioning callPrior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013Interleaving stream inputs and outputs without a flush or positioning call [ioileave]Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-6642017-07-10: CERT: Rule subset of CWE

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-664 and FIO39-C

CWE-664 = Union( FIO39-C, list) where list =

  • Improper use of an object (besides alternating reading/writing a file stream without an intervening flush

This CWE is vague on what constitutes “improper control of a resource”. It could include any violation of an object’s method constraints (whether they are documented or not). Or it could be narrowly interpreted to mean object creation and object destruction (which are covered by other CWEs).

Bibliography

[ISO/IEC 9899:2011]7.21.5.3, "The fopen Function"

...