The ungetc()
function pushes a character onto an input stream. This pushed character can then be read by subsequent calls to functions that read from that stream. However, the ungetc()
function has serious limitations. A call to a file positioning function, such as fseek()
, will discard any character pushed on by ungetc()
. Also, the C standard only guarantees that the pushing back of one character will succeed. Therefore, subsequent calls to ungetc()
must be separated by a call to a read function or a file positioning function (which will discard any data pushed by ungetc()
). If more than one character needs to be pushed by ungetc()
, then an update stream should be used.
Non-Compliant Code Example
FILE* fptr = fopen("myfile.ext", "rb"); if (fptr == NULL) { /* handle error condition */ } /* Read data */ ungetc('\n', fptr); ungetc('\r', fptr); /* Continue on */
Compliant Solution
(none known)
Risk Assessment
If used improperly, ungetc()
can cause data to be truncated or lost.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
FIO13-A |
2 (medium) |
2 (probable) |
1 (high) |
P4 |
L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Reference
[[ISO/IEC 9899-1999:TC2]] Section 7.19.7.11, "The ungetc
function"