
The ungetc() function pushes a character back onto an input stream. The pushed-back character is then returned by subsequent calls to functions that read from that stream. However, ungetc() has serious limitations. A call to a file positioning function, such as fseek(), discards any character pushed back by ungetc(). Also, the C standard guarantees only one character of pushback. Therefore, consecutive calls to ungetc() must be separated by a call to a read function or by a call to a file positioning function (which discards any data pushed back by ungetc()). If more than one character needs to be pushed back with ungetc(), an update stream should be used.

Non-Compliant Code Example

#include <stdio.h>

void read_with_pushback(void) {
  FILE *fptr = fopen("myfile.ext", "rb");
  if (fptr == NULL) {
    /* handle error condition */
    return;
  }

  /* Read data */

  /* Two consecutive calls with no intervening read or file positioning
   * call: only the first push back is guaranteed to succeed */
  ungetc('\n', fptr);
  ungetc('\r', fptr);

  /* Continue on */
  fclose(fptr);
}
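The following C program is an added example, not code from the CERT rule page (which lists no compliant solution). It shows the two behaviours the rule describes: a single ungetc() followed by a read before the next ungetc() works as guaranteed, and an fseek() discards a pushed-back character. It then goes one step further than the page and keeps multi-character lookahead in a caller-owned buffer (the hypothetical pb_stream wrapper, pb_getc() and pb_ungetc() are assumptions of this example) instead of relying on more than one outstanding ungetc(). The input is a constructed string written to a tmpfile() so the example runs without any file on disk.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input, written to a temporary stream so the example
 * runs offline and needs no file on disk. */
static const char SAMPLE[] = "ab\r\ncd";

/* Open a tmpfile() holding SAMPLE, positioned at the start. NULL on failure. */
static FILE *open_sample(void) {
    FILE *fp = tmpfile();
    if (fp == NULL) return NULL;
    if (fwrite(SAMPLE, 1, sizeof SAMPLE - 1, fp) != sizeof SAMPLE - 1) {
        fclose(fp);
        return NULL;
    }
    rewind(fp);
    return fp;
}

/* Pattern the standard guarantees: at most one ungetc() outstanding, and a
 * read consumes it before the next ungetc(). Returns 1 when both pushed-back
 * characters came back in the expected order, 0 otherwise. */
int pushback_separated_by_reads(void) {
    FILE *fp = open_sample();
    int ok = 1, c;
    if (fp == NULL) return 0;
    c = fgetc(fp);                        /* 'a' */
    if (ungetc(c, fp) == EOF) ok = 0;     /* first push back */
    if (fgetc(fp) != 'a') ok = 0;         /* the read clears the pushback */
    c = fgetc(fp);                        /* 'b' */
    if (ungetc(c, fp) == EOF) ok = 0;     /* second push back, now safe */
    if (fgetc(fp) != 'b') ok = 0;
    fclose(fp);
    return ok;
}

/* A file positioning call discards the pushed-back character: after
 * fseek() the next read returns the byte at the new position ('a'),
 * not the 'X' that was pushed. Returns that character, or EOF on error. */
int pushback_lost_after_fseek(void) {
    FILE *fp = open_sample();
    int c;
    if (fp == NULL) return EOF;
    (void)fgetc(fp);                      /* 'a' */
    if (ungetc('X', fp) == EOF) { fclose(fp); return EOF; }
    if (fseek(fp, 0L, SEEK_SET) != 0) { fclose(fp); return EOF; }
    c = fgetc(fp);                        /* 'a': the 'X' is gone */
    fclose(fp);
    return c;
}

/* Caller-owned pushback (hypothetical helper, not part of the rule page):
 * multi-character lookahead lives in our own stack instead of in the
 * stream, so it does not depend on more than one ungetc() succeeding.
 * It still must not be mixed with repositioning of the underlying stream. */
#define PUSHBACK_MAX 8
struct pb_stream {
    FILE *fp;
    unsigned char buf[PUSHBACK_MAX];
    size_t n;                             /* number of pushed-back chars */
};

int pb_getc(struct pb_stream *s) {
    if (s->n > 0) return s->buf[--s->n]; /* LIFO, like ungetc() */
    return fgetc(s->fp);
}

int pb_ungetc(int c, struct pb_stream *s) {
    if (c == EOF || s->n >= PUSHBACK_MAX) return EOF;
    s->buf[s->n++] = (unsigned char)c;
    return c;
}

/* Pushes '\n' then '\r' (the order used in the non-compliant example) through
 * the wrapper, then reads four characters. Returns them as a NUL-terminated
 * string in a static buffer, or NULL on failure. Expected: "\r\nab". */
const char *two_char_pushback(void) {
    static char out[5];
    struct pb_stream s;
    int i;
    s.fp = open_sample();
    s.n = 0;
    if (s.fp == NULL) return NULL;
    if (pb_ungetc('\n', &s) == EOF || pb_ungetc('\r', &s) == EOF) {
        fclose(s.fp);
        return NULL;
    }
    for (i = 0; i < 4; i++) {
        int c = pb_getc(&s);
        if (c == EOF) { fclose(s.fp); return NULL; }
        out[i] = (char)c;
    }
    out[4] = '\0';
    fclose(s.fp);
    return out;
}

int main(void) {
    printf("separated pushback ok: %d\n", pushback_separated_by_reads());
    printf("char read after fseek: %c\n", pushback_lost_after_fseek());
    printf("wrapper pushback ok: %d\n", two_char_pushback() != NULL);
    return 0;
}
```

Whether two back-to-back ungetc() calls both succeed is an implementation detail; the example deliberately never depends on it, which is why the wrapper, not the stream, holds the second character.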

Compliant Solution

(none known)

Risk Assessment

If used improperly, ungetc() can cause data to be truncated or lost.

Rule      Severity     Likelihood     Remediation Cost   Priority   Level
FIO13-A   2 (medium)   2 (probable)   1 (high)           P4         L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Reference

[ISO/IEC 9899:1999] Section 7.19.7.11, "The ungetc function"
