The ungetc() function pushes a character onto an input stream. This pushed character can then be read by subsequent calls to functions that read from that stream. However, the ungetc() function has serious limitations. A call to a file positioning function, such as fseek(), will discard any character pushed back by ungetc(). Also, the C standard only guarantees that the pushing back of one character will succeed. Therefore, subsequent calls to ungetc() must be separated by a call to a read function or a file positioning function (which will discard any data pushed by ungetc()). If more than one character needs to be pushed by ungetc(), then an update stream should be used instead of calling ungetc().
Non-Compliant Code Example
FILE* fptr = fopen("myfile.ext", "rb");
if (fptr == NULL) {
/* handle error condition */
}
/* Read data */
ungetc('\n', fptr);
ungetc('\r', fptr);
/* Continue on */
Compliant Solution
(none known)
Risk Assessment
If used improperly, ungetc() can cause data to be truncated or lost.
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
FIO13-A |
2 (medium) |
2 (probable) |
1 (high) |
P4 |
L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Reference
[[ISO/IEC 9899-1999]] Section 7.19.7.11, "The ungetc function"
FIO12-A. Prefer setvbuf() to setbuf() 09. Input Output (FIO) FIO14-A. Understand the difference between text mode and binary mode with file streams