The C Standard identifies specific strings to use for the mode on calls to fopen() and fopen_s(). C11 provides a new mode flag, x, that provides the mechanism needed to determine if the file that is to be opened exists. To be strictly conforming and portable, one of the strings from the following table (adapted from the C Standard, subclause 7.21.5.2 [ISO/IEC 9899:2011]) must be used:
Strings to Use for the Mode on Calls to fopen() and fopen_s()
mode string | Result |
---|---|
r | Open text file for reading |
w | Truncate to zero length or create text file for writing |
wx | Create text file for writing |
a | Append; open or create text file for writing at end-of-file |
rb | Open binary file for reading |
wb | Truncate to zero length or create binary file for writing |
wbx | Create binary file for writing |
ab | Append; open or create binary file for writing at end-of-file |
r+ | Open text file for update (reading and writing) |
w+ | Truncate to zero length or create text file for update |
w+x | Create text file for update |
a+ | Append; open or create text file for update, writing at end-of-file |
r+b or rb+ | Open binary file for update (reading and writing) |
w+b or wb+ | Truncate to zero length or create binary file for update |
w+bx or wb+x | Create binary file for update |
a+b or ab+ | Append; open or create binary file for update, writing at end-of-file |
If the mode string begins with one of these sequences, the implementation might choose to ignore the remaining characters, or it might use them to select different kinds of files.
When calling fopen_s(), any of the mode strings used for writing (w or a) may be prefixed with the u character to give the file system default access permissions.
An implementation may define additional mode strings, but only the modes shown in the table are fully portable and C compliant. Beware that Microsoft Visual Studio 2012 and earlier do not support the x or u mode characters [MSDN].
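The following added example, which is not part of the original recommendation, checks a mode string against the portable list in the table above before calling fopen(), so that implementation extensions are rejected rather than silently ignored or misinterpreted. The names is_portable_fopen_mode and portable_fopen are hypothetical, and the u prefix accepted by fopen_s() is not covered.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The mode strings the C Standard defines for fopen(). */
static const char *const portable_modes[] = {
    "r", "w", "wx", "a", "rb", "wb", "wbx", "ab",
    "r+", "w+", "w+x", "a+",
    "r+b", "rb+", "w+b", "wb+", "w+bx", "wb+x", "a+b", "ab+"
};

/* Returns 1 only on an exact match with the table. Implementation
 * extensions such as "rt" (Microsoft) or "re" (glibc) return 0. */
int is_portable_fopen_mode(const char *mode)
{
    if (mode == NULL)
        return 0;
    for (size_t i = 0; i < sizeof portable_modes / sizeof portable_modes[0]; i++)
        if (strcmp(mode, portable_modes[i]) == 0)
            return 1;
    return 0;
}

/* Hypothetical wrapper: refuse a non-portable mode instead of relying on
 * how a given implementation treats characters it does not recognize. */
FILE *portable_fopen(const char *path, const char *mode)
{
    if (path == NULL || !is_portable_fopen_mode(mode))
        return NULL;
    return fopen(path, mode);
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "wx", "wb+x", "rt", "wxb", "re" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-5s %s\n", samples[i],
               is_portable_fopen_mode(samples[i]) ? "portable" : "non-portable");
    return 0;
}
```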
Risk Assessment
Using a mode string that is not recognized by an implementation may cause the call to fopen() to fail.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO11-C | Medium | Probable | Medium | P8 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Compass/ROSE | | | |
LDRA tool suite | | 590 S | Partially implemented |
PC-lint Plus | | 2472, 2473 | Fully supported |
Polyspace Bug Finder | | CERT C: Rec. FIO11-C | Checks for bad file access mode or status (rec. fully covered) |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[ISO/IEC 9899:1999] Section 7.9.15.3, "The fopen function"
Related Guidelines
Bibliography
[ISO/IEC 9899:2011] | Subclause 7.21.5.3, "The fopen Function" |