...
Strings to Use for the Mode on Calls to fopen() and fopen_s()
| Result |
|---|---|
| Open text file for reading |
| Truncate to zero length or create text file for writing |
| Create text file for writing |
| Append; open or create text file for writing at end-of-file |
| Open binary file for reading |
| Truncate to zero length or create binary file for writing |
| Create binary file for writing |
| Append; open or create binary file for writing at end-of-file |
| Open text file for update (reading and writing) |
| Truncate to zero length or create text file for update |
| Create text file for update |
| Append; open or create text file for update, writing at end-of-file |
| Open binary file for update (reading and writing) |
| Truncate to zero length or create binary file for update |
| Create binary file for update |
| Append; open or create binary file for update, writing at end-of-file |
If the mode string begins with one of these sequences, the implementation might choose to ignore the remaining characters, or it might use them to select different kinds of files.
...
Using a mode string that is not recognized by an implementation may cause the call to fopen() to fail.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO11-C | Medium | Probable | Medium | P8 | L2 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE |
| LDRA tool suite |
| 590 S | Partially implemented | ||||||
| PC-lint Plus |
| 2472, 2473 | Fully supported | ||||||
| Polyspace Bug Finder |
|
| CERT C: Rec. FIO11-C | Checks for bad |
file access mode or status |
fopen or open group is invalid(rec. fully covered) |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
| [ISO/IEC 9899:2011] | Subclause 7.21.5.3, "The fopen Function" |
...
...