Page History

Section The C Standard, 7.2123.5.3 of the C Standard , paragraph 7 [ISO/IEC 9899:20112024], places the following restrictions on update streams:

...

The following scenarios can result in undefined behavior. (See undefined behavior :151.)

•  Receiving input from a stream directly following an output to that stream without an intervening call to fflush(), fseek(), fsetpos(), or rewind() if the file is not at end-of-file
•  Outputting to a stream after receiving input from that stream without a call to fseek(), fsetpos(), or rewind() if the file is not at end-of-file

...

Consequently, a call to fseek(), fflush(), or fsetpos() is necessary between input and output to the same stream.

...

See ERR07-C. Prefer functions that support error checking over equivalent functions that don't for more information on why fseek()

...

is preferred over rewind().

...

Noncompliant Code Example

...

#include <stdio.h>
 
enum { BUFFERSIZE = 32 };

extern void initialize_data(char *data, size_t size);
 
void func(const char *file_name) {
  char data[BUFFERSIZE];
  char append_data[BUFFERSIZE];
char *file_name;
  FILE *file;

/* Initialize file_name */

file = fopen(file_name, "a+");
  if (file == NULL) {
    /* Handle error */
  }
 
/* Initialize initialize_data(append_data, */BUFFERSIZE);

  if (fwrite(append_data, BUFFERSIZE1, 1BUFFERSIZE, file) != BUFFERSIZE) {
    /* Handle error */
  }
  if (fread(data, BUFFERSIZE1, 1BUFFERSIZE, file) !=< 0BUFFERSIZE) {
    /* Handle there not being data */
  }

  if (fclose(file);
) == EOF) {
    /* Handle error */
  }
}

Because there is no intervening flush or positioning call between the calls However, because the stream is not flushed between the call to fread() and fwrite(), the behavior is undefined.

Compliant Solution

In this compliant solution, fseek() is called between the output and input, eliminating the undefined behavior:

#include <stdio.h>
 
enum { BUFFERSIZE = 32 };
extern void initialize_data(char *data, size_t size);
 
void func(const char *file_name) {
  char data[BUFFERSIZE];
  char append_data[BUFFERSIZE];
char *file_name;
  FILE *file;

/* Initialize file_name */

file = fopen(file_name, "a+");
  if (file == NULL) {
    /* Handle error */
  }

/* Initialize initialize_data(append_data, */

BUFFERSIZE);
  if (fwrite(append_data, BUFFERSIZE, 1, file) != BUFFERSIZE) {
    /* Handle error */
  }

  if (fseek(file, 0L, SEEK_SET) != 0) {
    /* Handle error */
  }

  if (fread(data, BUFFERSIZE, 1, file) != 0) {
    /* Handle there not being data */
  }

  if (fclose(file);
 == EOF) {
    /* Handle error */
  }
}

Risk Assessment

Alternately inputting and outputting from a stream without an intervening flush or positioning call results in is undefined behavior.

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-664 and FIO39-C

CWE-664 = Union( FIO39-C, list) where list =

• Improper use of an object (besides alternating reading/writing a file stream without an intervening flush

This CWE is vague on what constitutes “improper control of a resource”. It could include any violation of an object’s method constraints (whether they are documented or not). Or it could be narrowly interpreted to mean object creation and object destruction (which are covered by other CWEs).

Bibliography

...

...

Image Modified Image Modified Image Modified