Page History

The C standard Standard [ISO/IEC 9899:2011] defines the fwrite() function as follows [ISO/IEC 9899:2011]:

Synopsis
size_t fwrite(const void *restrict ptr, size_t size, size_t nmemb, FILE *restrict stream);
Description
The fwrite() function writes, from the array pointed to by ptr, up to nmemb elements whose size is specified by size, to the stream pointed to by stream. For each object, size calls are made to the fputc() function, taking the values (in order) from an array of unsigned char exactly overlaying the object. The file position indicator for the stream (if defined) is advanced by the number of bytes successfully written. If an error occurs, the resulting value of the file position indicator for the stream is indeterminate.

...

In this noncompliant code example, the size of the buffer is stored in size1, but size2 number of characters are written in to the file. If size2 is greater than size1, write() will not stop copying characters at the null character.

...

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
FIO18-C	Medium	Probable	Medium	P8	L2

Related Guidelines

CERT C++ Secure Coding Standard

...

FIO18-CPP. Never expect write() to terminate the writing process at a null character

Bibliography

[ISO/IEC 9899:2011

...

]	Section 7.21.8.2, "The `fwrite`

...

Function"

Bibliography

...

[Open Group 2004] fwrite

...

Space shortcuts

Page tree

Versions Compared

Old Version 36

New Version 37

Key

Related Guidelines

Bibliography

Bibliography