
The C standard defines the strings that may be passed as the mode argument of fopen(). An implementation may define additional mode strings, but only the modes in the following table (adapted from the C99 standard) are fully portable and C99 compliant:

| Mode string | Result |
|---|---|
| r | open text file for reading |
| w | truncate to zero length or create text file for writing |
| a | append; open or create text file for writing at end-of-file |
| rb | open binary file for reading |
| wb | truncate to zero length or create binary file for writing |
| ab | append; open or create binary file for writing at end-of-file |
| r+ | open text file for update (reading and writing) |
| w+ | truncate to zero length or create text file for update |
| a+ | append; open or create text file for update, writing at end-of-file |
| r+b or rb+ | open binary file for update (reading and writing) |
| w+b or wb+ | truncate to zero length or create binary file for update |
| a+b or ab+ | append; open or create binary file for update, writing at end-of-file |
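One way to enforce the table above at the call site, as an added example that is not part of the original recommendation: a validator that accepts exactly the fifteen portable mode strings and a wrapper that refuses anything else. The names is_portable_c99_mode and fopen_portable are hypothetical, and the sample modes in main() are constructed.

```c
#include <stdio.h>
#include <stddef.h>

/* Returns 1 if mode is one of the portable C99 mode strings in the table,
 * 0 otherwise. Grammar: one of r, w, a, followed by "", "b", "+", "+b" or "b+". */
int is_portable_c99_mode(const char *mode)
{
    int seen_plus = 0, seen_b = 0;

    if (mode == NULL)
        return 0;
    if (*mode != 'r' && *mode != 'w' && *mode != 'a')
        return 0;
    for (++mode; *mode != '\0'; ++mode) {
        if (*mode == '+' && !seen_plus)
            seen_plus = 1;
        else if (*mode == 'b' && !seen_b)
            seen_b = 1;
        else
            return 0;   /* character outside the C99 set (e.g. t, x, e) or a repeat */
    }
    return 1;
}

/* Hypothetical wrapper: never hands a non-portable mode string to fopen().
 * Returns NULL both for a rejected mode and for an ordinary fopen() failure. */
FILE *fopen_portable(const char *path, const char *mode)
{
    if (path == NULL || !is_portable_c99_mode(mode))
        return NULL;
    return fopen(path, mode);
}

int main(void)
{
    /* Constructed samples: some from the table, some outside it. */
    static const char *const samples[] = { "r", "rb+", "a+b", "rt", "wx", "r++", "br", "" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; ++i)
        printf("%-4s %s\n", samples[i],
               is_portable_c99_mode(samples[i]) ? "portable" : "rejected");
    return 0;
}
```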

Risk Assessment

Using a non-standard mode will lead to undefined behavior, likely causing the call to fopen() to fail.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO11-A | 1 (low) | 2 (probable) | 3 (low) | P6 | L2 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[ISO/IEC 9899-1999] Section 7.9.15.3, "The fopen function"
