SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 10

changes.mady.by.user Lee Mancuso

Saved on

compared with

New Version Current

changes.mady.by.user Kris Kafka

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added PC-lint Plus to Automated Detection Table

The C standard specifies Standard identifies specific strings to use for the mode for the function fopen(). An implementation may define extra strings that define additional modes, but only the modes in on calls to fopen() and fopen_s(). C11 provides a new mode flag, x, that provides the mechanism needed to determine if the file that is to be opened exists. To be strictly conforming and portable, one of the strings from the following table (adapted from the C99 standard) are fully portable and C99 compliant:C Standard, subclause 7.21.5.2 [ISO/IEC 9899:2011]) must be used:

Strings to Use for the Mode on Calls to fopen() and fopen_s()

mode String

mode string

Result

r

open

Open text file for reading

w

truncate

Truncate to zero length or create text file for writing

wx

Create text file for writing

a

append

Append; open or create text file for writing at end-of-file

rb

open

Open binary file for reading

wb

truncate

Truncate to zero length or create binary file for writing

wbx

Create binary file for writing

ab

append

Append; open or create binary file for writing at end-of-file

r+

open

Open text file for update (reading and writing)

w+

truncate

Truncate to zero length or create text file for update

w+x

Create text file for update

a+

append

Append; open or create text file for update, writing at end-of-file

r+b or rb+

open

Open binary file for update (reading and writing)

w+b or wb+

truncate

Truncate to zero length or create binary file for update

w+bx or wb+x

Create binary file for update

a+b or ab+

append

Append; open or create binary file for update, writing at end-of-file

If the mode string begins with one of these sequences, the implementation might choose to ignore the remaining characters, or it might use them to select different kinds of files.

When calling fopen_s(), any of the mode strings used for writing (w or a) may be prefixed with the u character to give the file system default access permissions.

An implementation may define additional mode strings, but only the modes shown in the table are fully portable and C compliant. Beware that Microsoft Visual Studio 2012 and earlier do not support the x or u mode characters [MSDN].

Risk Assessment

Using a non-standard mode will lead to undefined behavior, likely causing mode string that is not recognized by an implementation may cause the call to fopen() to fail.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FIO11-

A

1 (low)

2 (probable)

3 (low)

P6

L2

C

Medium

Probable

Medium

P8

L2

Automated Detection

Tool

Version

Checker

Description

Compass/ROSE




LDRA tool suite
Include Page
LDRA_V
LDRA_V

590 S

Partially implemented

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

2472, 2473

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. FIO11-C

Checks for bad file access mode or status (rec. fully covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

...

Related Guidelines

SEI CERT C++ Coding StandardVOID FIO11-CPP. Take care when specifying the mode parameter of fopen()

Bibliography

...

[ISO/IEC

...

9899:2011]Subclause 7.21.5.3,

...

"The fopen Function"


...

Image Added Image Added Image AddedThe {{fopen}} function"FIO10-A. Take care when using the rename() function      009. Input Output (FIO)       FIO12-A. Prefer setvbuf() to setbuf()