Page History

According to C99the C Standard, Section 7.1923.3 p6, paragraph 6 [ISO/IEC 9899:2024],

The address of the FILE object used to control a stream may be significant; a copy of a FILE object need is not required to serve in place of the original.

Consequently, do not use a copy of a FILE object in any input/output operations.

Noncompliant Code Example

This noncompliant code example can fail because a by-value copy of stdout is being used in the call to fputs().:

#include <stdio.h>
 
int main(void) {
  FILE my_stdout = *(stdout);
  if (fputs("Hello, World!\n", &my_stdout) == EOF) {
    /* Handle error */
  }
  return 0;
}

For example, this noncompliant example fails with When compiled under Microsoft Visual Studio 2013 and run on Windows, this noncompliant example results in an "access violation" when compiled under Microsoft Visual Studio 2005 and run under Windowsat runtime.

Compliant Solution

In this compliant solution, a copy of the stdout pointer to the FILE object is used in the call to fputs().:

#include <stdio.h>
 
int main(void) {
  FILE *my_stdout = stdout;
  if (fputs("Hello, World!\n", my_stdout) == EOF) {
    /* Handle error */
  }
  return 0;
}

Risk Assessment

Using a copy of a FILE object in place of the original may result in a crash, which can be used in a denial-of-service attack.

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

Key here (explains table format and definitions)

Taxonomy	Taxonomy item	Relationship
ISO/IEC TS 17961:2013	Copying a FILE object [filecpy]	Prior to 2018-01-12: CERT: Unspecified Relationship

Bibliography

CERT C++ Secure Coding Standard: FIO38-CPP. Do not use a copy of a FILE object for input and output

...

...

Bibliography

...

FIO37-C. Do not assume that fgets() returns a nonempty string when successful      09. Input Output (FIO)      Image Added Image Added Image Modified