Page History

According to the C Standard, 7.23.3, paragraph 6 [ISO/IEC 9899:2024],

The address of the FILE object used to control a stream may be significant; a copy of a FILE object

...

is not required to serve in place of the original.

Consequently, do not copy Do not use a copy of a FILE object in any input/output operations.

...

Noncompliant Code Example

This non-compliant noncompliant code example can fail because a by-value copy of stdout is being used in the call to fputs().:

Code Block

bgColor	#FFCCCC
lang	c


#include <stdio.h>
 
int main(void) {
    FILE my_stdout = *(stdout);
  if  (fputs("Hello, World!\n", &my_stdout);
 == EOF) {
    /* Handle error */
  }
  return 0;
}

Platform Specific Details

This non-compliant example does fails with an "access violation" when When compiled under Microsoft Visual Studio 2005 2013 and run on an IA-32 platformWindows, this noncompliant example results in an "access violation" at runtime.

Compliant Solution

In this compliant solution, a copy of the stdout pointer to the FILE object is used in the call to fputs().:

Code Block

bgColor	#ccccff
lang	c


#include <stdio.h>
 
int main(void) {
    FILE *my_stdout = stdout;
  if  (fputs("Hello, World!\n", my_stdout);
     == EOF) {
    /* Handle error */
  }
  return 0;
}

Risk Assessment

Using a copy of a FILE object in place of the original is likely to may result in a crash, which can be used in a denial-of-service attack.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
FIO38-C	Low	Probable	Medium	P4	L3

Automated Detection

Tool Version Checker Description

Astrée

Include Page

	Astrée_V
	Astrée_V

file-dereference

Partially checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-FIO38

Fully implemented

Clang

Include Page

	Clang_38_V
	Clang_38_V

misc-non-copyable-objects

Checked with clang-tidy

Compass/ROSE

Can detect simple violations of this rule

Coverity

Include Page

	Coverity_V
	Coverity_V

MISRA C

1 (low)

2 (probable)

2 (medium)

P4

L2

2012 Rule 22.5

Partially implemented

Cppcheck Premium

Include Page

	Cppcheck Premium_V
	Cppcheck Premium_V

premium-cert-fio38-c

Fully implemented

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C1485, C5028

C++3113, C++3114

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

MISRA.FILE_PTR.DEREF.2012
MISRA.FILE_PTR.DEREF.CAST.2012
MISRA.FILE_PTR.DEREF.INDIRECT.2012
MISRA.FILE_PTR.DEREF.RETURN.2012

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

591 S

Fully implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-FIO38-a

A pointer to a FILE object shall not be dereferenced

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

9047

Partially supported: reports when a FILE pointer is dereferenced

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rule FIO38-C

Checks for misuse of a FILE object (rule fully covered)

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

file-dereference

Partially checked

Related Vulnerabilities

Search for Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.

References

Related Guidelines

Key here (explains table format and definitions)

Taxonomy	Taxonomy item	Relationship
ISO/IEC TS 17961:2013	Copying a `FILE` object [filecpy]	Prior to 2018-01-12: CERT: Unspecified Relationship

Bibliography

[ISO/IEC 9899:2024]

7.23.3, "Files"

...

Image Added Image Added Image Added Wiki Markup\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files"

Space shortcuts

Page tree

Versions Compared

Old Version 13

New Version Current

Key

Noncompliant Code Example

Platform Specific Details

Compliant Solution

Risk Assessment

Automated Detection

Related Vulnerabilities

References

Related Guidelines

Bibliography