Subclause 7.21.9.3 of the C Standard [ISO/IEC 9899:2011] defines the following behavior for fsetpos():
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
#include <string.h>
enum { NO_FILE_POS_VALUES = 3 };
int opener(FILE *file) {
int rc;
fpos_t offset;
memset(&offset, 0, sizeof(offset));
if (file == NULL) { return -1; }
/* Read in data from file. */
rc = fsetpos(file, &offset);
if (rc != 0 ) { return rc; }
return 0;
}
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
#include <string.h>
enum { NO_FILE_POS_VALUES = 3 };
int opener(FILE *file) {
int rc;
fpos_t offset;
if (file == NULL) { return -1; }
rc = fgetpos(file, &offset);
if (rc != 0 ) { return rc; }
/* Read in data from file. */
rc = fsetpos(file, &offset);
if (rc != 0 ) { return rc; }
return 0;
}
|
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO44-C | mediumMedium | unlikelyUnlikely | mediumMedium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
|
| Can detect common violations of this rule. However, it cannot handle cases in which the value returned by | |||||||
5.0 |
| Can detect violations of this rule with CERT C Rule Pack | |||||||
| 82 D | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
| CERT C++ Secure Coding Standard | FIO44-CPP. Only use values for fsetpos() that are returned from fgetpos() |
| ISO/IEC TS 17961 (Draft) | Using a value for fsetpos other than a value returned from fgetpos [xfilepos] |
Bibliography
| [ISO/IEC 9899:2011] | Subclause 7.21.9.3, "The fsetpos Function" |
...