Page History

According to the C Standard, Section 7.2123.3, paragraph 6 [ISO/IEC 9899:20112024],

The address of the FILE object used to control a stream may be significant; a copy of a FILE object need is not required to serve in place of the original.

...

This noncompliant code example can fail because a by-value copy of stdout is being used in the call to fputs().:

Code Block

bgColor	#FFCCCC
lang	c

#include <stdio.h>
 
int main(void) {
  FILE my_stdout = *(stdout);  /* violation */
  if (fputs("Hello, World!\n", &my_stdout) == EOF) {
    /* Handle error */
  }
  return 0;
}

For example, this noncompliant example raises When compiled under Microsoft Visual Studio 2013 and run on Windows, this noncompliant example results in an "access violation" exception at runtime when compiled under Microsoft Visual Studio Express 2012 and run under Windows.

Compliant Solution

In this compliant solution, a copy of the stdout pointer to the FILE object is used in the call to fputs().:

Code Block

bgColor	#ccccff
lang	c

#include <stdio.h>
 
int main(void) {
  FILE *my_stdout = stdout;
  if (fputs("Hello, World!\n", my_stdout) == EOF) {
    /* Handle error */
  }
  return 0;
}

...

Using a copy of a FILE object in place of the original may result in a crash, which can be used in a denial-of-service attack.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
FIO38-C

low

Low

probable

Probable

medium

Medium

P4

L3

Automated Detection

Tool Version Checker Description

Astrée

Include Page

	Astrée_V
	Astrée_V

file-dereference

Partially checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-FIO38

Fully implemented

Clang

Include Page

	Clang_38_V
	Clang_38_V

misc-non-copyable-objects

Checked with clang-tidy

Compass/ROSE

Can detect simple violations of this rule

Coverity

Include Page

	Coverity_V
	Coverity_V

MISRA C 2012 Rule 22.5

Partially implemented

Cppcheck Premium

Include Page

	Cppcheck Premium_V
	Cppcheck Premium_V

premium-cert-fio38-c

Fully implemented

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C1485, C5028

C++3113, C++3114

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

MISRA.FILE_PTR.DEREF.2012
MISRA.FILE_PTR.DEREF.CAST.2012
MISRA.FILE_PTR.DEREF.INDIRECT.2012
MISRA.FILE_PTR.DEREF.RETURN.2012

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

591 S

Fully implemented

.

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-FIO38-a

A pointer to a FILE object shall not be dereferenced

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

9047

Partially supported: reports when a FILE pointer is dereferenced

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rule FIO38-C

Checks for misuse of a FILE object (rule fully covered)

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

file-dereference

Partially checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy	Taxonomy item	Relationship

CERT C++ Secure Coding Standard FIO38-CPP. Do not use a copy of a FILE object for input and output


ISO/IEC TS 17961

(Draft)

:2013 Copying a FILE object [filecpy] Prior to 2018-01-12: CERT: Unspecified Relationship

Bibliography

[ISO/IEC 9899:

2011

2024]

Section

7.

21

23.3, "Files"

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 52

New Version Current

Key

Compliant Solution

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography