Portability is a concern when using the fread() and fwrite() functions across multiple, heterogeneous systems. In particular, it is never guaranteed that reading or writing of scalar data types such as integers, let alone aggregate types such as arrays or structures, will preserve the representation or value of the data. Implementations may differ in structure padding, floating-point model, number of bits per byte, endianness, and other attributes that cause binary data formats to be incompatible.
Noncompliant Code Example
This noncompliant code example reads data from a file stream into a data structure:
However, the code makes assumptions about the layout of myData, which may be represented differently on a different platform.
The best solution is to use either a text representation or a special library that ensures data integrity:
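The text-representation option, shown next to the raw fread() pattern it replaces, as an added example that is not the standard's own code. The fields of myData, the function names (load_raw, save_text, load_text, read_long) and the one-decimal-field-per-line format are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Field names and types are assumed; the page only names myData. */
struct myData { char c; long l; };

/* Fragile pattern: copies the writer's in-memory layout (padding, width of long, byte order). */
int load_raw(FILE *f, struct myData *d) {
  return fread(d, sizeof *d, 1, f) == 1 ? 0 : -1;
}

/* Portable form: each field written as decimal text, one per line. */
int save_text(FILE *f, const struct myData *d) {
  return fprintf(f, "%d\n%ld\n", (int)d->c, d->l) < 0 ? -1 : 0;
}

/* Parse one decimal line into *out; reject empty input, trailing junk,
   overlong lines and values that do not fit this platform's long. */
static int read_long(FILE *f, long *out) {
  char buf[32];
  char *end;
  if (fgets(buf, sizeof buf, f) == NULL) return -1;
  errno = 0;
  *out = strtol(buf, &end, 10);
  if (end == buf || *end != '\n' || errno == ERANGE) return -1;
  return 0;
}

int load_text(FILE *f, struct myData *d) {
  long c;
  if (read_long(f, &c) != 0 || c < CHAR_MIN || c > CHAR_MAX) return -1;
  if (read_long(f, &d->l) != 0) return -1;
  d->c = (char)c;
  return 0;
}

int main(void) {
  struct myData in = {'A', -123456L}, out = {0, 0};
  FILE *f = tmpfile();  /* constructed sample data, no real file needed */
  if (f == NULL || save_text(f, &in) != 0) return EXIT_FAILURE;
  rewind(f);
  if (load_text(f, &out) != 0) return EXIT_FAILURE;
  printf("c=%c l=%ld\n", out.c, out.l);
  fclose(f);
  return EXIT_SUCCESS;
}
```

A value written on a platform with a wider long makes load_text return an error on the narrower one, where the raw read would hand back a misinterpreted structure with no indication of failure.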
Reading binary data that has a different format than expected may result in unintended program behavior.
Could flag possible violations of this rule by noting any pointer to
LDRA tool suite
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
SEI CERT C++ Coding Standard: VOID FIO09-CPP. Be careful with binary data when transferring data across systems