Page History

According to the C Standard, 7.23.3, paragraph 6 [ISO/IEC 9899:2024],

The address of the FILE object used to control a stream may be significant; a copy of a FILE object

...

is not required to serve in place of the original.

Consequently, do not copy Do not use a copy of a FILE object in any input/output operations.

...

Noncompliant Code Example

This non-compliant noncompliant code example can fail because a by-value copy of stdout is being used in the call to fputs().:

#include <stdio.h>
 
int main(void) {
    FILE my_stdout = *(stdout);
  if  (fputs("Hello, World!\n", &my_stdout);
 == EOF) {
    /* Handle error */
  }
  return 0;
}

For example, this non-compliant example fails with an "access violation" when When compiled under Microsoft Visual Studio 2005 2013 and run on an IA-32 platformWindows, this noncompliant example results in an "access violation" at runtime.

Compliant Solution

In this compliant solution, a copy of the stdout pointer to the FILE object is used in the call to fputs().:

#include <stdio.h>
 
int main(void) {
    FILE *my_stdout = stdout;
  if  (fputs("Hello, World!\n", my_stdout);) == EOF) {
    /* Handle error */
  }
  return 0;
}

Risk Assessment

Using a copy of a FILE object in place of the original may result in a crash, which can be used in a denial-of-service attack.

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files"

Related Guidelines

Key here (explains table format and definitions)

Bibliography

...

Image Added Image Added Image AddedFIO37-C. Don't assume character data has been read      09. Input Output (FIO)       FIO39-C. Do not read in from a stream directly following output to that stream