SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 14

changes.mady.by.user Janice D'Sa

Saved on

compared with

New Version 15

changes.mady.by.user Janice D'Sa

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

size_t fwrite(const void *restrict ptr, size_t size, size_t nitems, FILE *restrict stream);

The fwrite() function shall write, from the array pointed to by ptr, up to nitems elements whose size is specified by size, to the stream pointed to by stream. For each object, size calls shall be made to the fputc() function, taking the values (in order) from an array of unsigned char exactly overlaying the object. The file-position indicator for the stream (if defined) shall be advanced by the number of bytes successfully written. If an error occurs, the resulting value of the file-position indicator for the stream is unspecified.

...

Noncompliant Code Example

In this noncompliant code example, the size of the buffer is stored in size1, but size2 number of characters are written in to the file. If size2 is greater than size1, write() will not stop copying characters at the null character.

Code Block
bgColor#ffcccc
#include <stdio.h>
char *buffer = NULL;
long size1, size2;
FILE *filedes;

/*
 * Assume size1 and size2 are appropriately initialized
 *
 */

filedes = fopen("out.txt", "w+");
if (filedes < 0) {
  /* Handle error */
}

buffer = (char *)calloc(1, size1);
if (buffer == NULL) {
  /* Handle error */
}

fwrite(buffer, sizeof(char), size2, filedes);

free(buffer);
buffer = NULL;
fclose(filedes);

Compliant Code Example

This compliant solution ensures that the correct number of characters are written to the file.

Code Block
bgColor#ccccff
char *buffer = NULL;
long size1, size2;
FILE *filedes;

/*
 * Assume size1 and size2 are appropriately initialized
 */

filedes = fopen("out.txt", "w+");
if (filedes < 0){
  /* Handle error */
}

buffer = (char *)calloc(1, size1);
if (buffer == NULL) {
  /* Handle error */
}

/*
 * Accept characters in to the buffer
 * Check for buffer overflow
 */

size2 = strlen(buffer) + 1;

fwrite(buffer, sizeof(char), size2, filedes);

free(buffer);
buffer = NULL;
fclose(filedes);

Risk Assessment

Failure to follow the recommendation could result in a non-null-terminated string being written to a file. This will create problems when the program tries to read it back as a c-string.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FIO45-C

Medium

Probable

Medium

P12

L1

Other Languages

This rule can be found in the C++ Secure Coding Practice as FIO18-CPP. Never expect write() to terminate the writing process at a null character.

References

Wiki Markup
\[1\] [http://www.opengroup.org/onlinepubs/009695399/functions/fwrite.html]
\[2\] \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\]