According to C99, Section 7.19.3 p6
The address of the
FILEobject used to control a stream may be significant; a copy of aFILEobject need not serve in place of the original.
Consequently, do not use a copy of a FILE object in any input/output operations.
Noncompliant Code Example
This noncompliant code example can fail because a copy of stdout is being used in the call to fputs().
int main(void) {
FILE my_stdout = *(stdout);
if (fputs("Hello, World!\n", &my_stdout) == EOF) {
/* Handle error */
}
return 0;
}
For example, this noncompliant example fails with an "access violation" when compiled under Microsoft Visual Studio 2005 and run under Windows.
Compliant Solution
In this compliant solution, a copy of the pointer to the FILE object is used in the call to fputs().
int main(void) {
FILE *my_stdout = stdout;
if (fputs("Hello, World!\n", my_stdout) == EOF) {
/* Handle error */
}
return 0;
}
Risk Assessment
Using a copy of a FILE object in place of the original may result in a crash, which can be used in a denial-of-service attack.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
FIO38-C |
low |
probable |
medium |
P4 |
L3 |
Automated Detection
Tool |
Version |
Checker |
Description |
|---|---|---|---|
Compass/ROSE |
|
|
can detect simple violations of this rule |
| 9.7.1 | 591 S |
Fully Implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: FIO38-CPP. Do not use a copy of a FILE object for input and output
ISO/IEC 9899:1999 Section 7.19.3, "Files"
Bibliography