If the C fgets() function fails, the contents of the array it was writing to are indeterminate. (See also undefined behavior 170 of in Annex J of the C Standard.) Consequently, it is necessary to reset the string to a known value to avoid possible errors on subsequent string manipulation functions.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
void func(FILE *file) {
char buf[BUFSIZ];
if (fgets(buf, sizeof(buf), file) == NULL) {
/* Set error flag and continue. */
}
} |
However, buf is not reset and has unknown contents.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
void func(FILE *file) {
char buf[BUFSIZ];
if (fgets(buf, sizeof(buf), file) == NULL) {
/* Set error flag and continue. */
*buf = '\0';
}
} |
Exceptions
...
Making invalid assumptions about the contents of an array modified by fgets() or fgetws() can result in undefined behavior and abnormal program termination.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO40-C | lowLow | probableProbable | mediumMedium | P4 | L3 |
Related Vulnerabilities
...