You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 71 Next »

According to the C Standard, 7.21.3, paragraph 6 [ISO/IEC 9899:2011],

The address of the FILE object used to control a stream may be significant; a copy of a FILE object need not serve in place of the original.

Consequently, do not copy a FILE object.

Noncompliant Code Example

This noncompliant code example can fail because a by-value copy of stdout is being used in the call to fputs():

#include <stdio.h>
 
int main(void) {
  FILE my_stdout = *stdout;
  if (fputs("Hello, World!\n", &my_stdout) == EOF) {
    /* Handle error */
  }
  return 0;
}

When compiled under Microsoft Visual Studio 2013 and run on Windows, this noncompliant example results in an "access violation" at runtime.

Compliant Solution

In this compliant solution, a copy of the stdout pointer to the FILE object is used in the call to fputs():

#include <stdio.h>
 
int main(void) {
  FILE *my_stdout = stdout;
  if (fputs("Hello, World!\n", my_stdout) == EOF) {
    /* Handle error */
  }
  return 0;
}

Risk Assessment

Using a copy of a FILE object in place of the original may result in a crash, which can be used in a denial-of-service attack.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO38-C

Low

Probable

Medium

P4

L3

Automated Detection

ToolVersionCheckerDescription
Astrée24.04file-dereferencePartially checked
Clang3.9misc-non-copyable-objectsChecked with clang-tidy
Compass/ROSE  

Can detect simple violations of this rule

Coverity2017.07

MISRA C 2012 Rule 22.5

Partially implemented
LDRA tool suite9.7.1

591 S

Fully implemented
RuleChecker24.04

file-dereference

Partially checked
PRQA QA-C++4.45013 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ISO/IEC TS 17961:2013Copying a FILE object [filecpy]

Bibliography

[ISO/IEC 9899:2011]7.21.3, "Files"

 


  • No labels