Section 7.19.9.3 of C99 [ISO/IEC 9899:1999] defines the following behavior for fsetpos():

The fsetpos function sets the mbstate_t object (if any) and file position indicator for the stream pointed to by stream according to the value of the object pointed to by pos, which shall be a value obtained from an earlier successful call to the fgetpos function on a stream associated with the same file.
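As an added illustration (not code from the original page), the following C sketch pairs every fsetpos() call with a value from a successful fgetpos() on the same stream. The helper names peek_line and demo are hypothetical, and the input is constructed in a tmpfile().

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Pattern the rule forbids (shown only as a comment):
 *     fpos_t pos;
 *     memset(&pos, 0, sizeof pos);   // value invented by the program
 *     fsetpos(fp, &pos);             // undefined behavior per 7.19.9.3
 */

/* Hypothetical helper: read the next line into buf without consuming it.
 * Returns 0 on success, -1 on any failure. */
int peek_line(FILE *fp, char *buf, size_t len)
{
    fpos_t pos;

    if (fp == NULL || buf == NULL || len == 0 || len > INT_MAX)
        return -1;
    /* Only a successful fgetpos() yields an fpos_t that may be reused. */
    if (fgetpos(fp, &pos) != 0)
        return -1;
    int got_line = (fgets(buf, (int)len, fp) != NULL);
    /* Restore using exactly the value fgetpos() stored, on the same stream. */
    if (fsetpos(fp, &pos) != 0)
        return -1;
    return got_line ? 0 : -1;
}

/* Constructed demo: returns 1 if peeking left the position unchanged,
 * 0 if not, -1 if the temporary file could not be prepared. */
int demo(void)
{
    char first[32], peeked[32], again[32];
    int same = 0;
    FILE *fp = tmpfile();

    if (fp == NULL)
        return -1;
    if (fputs("alpha\nbeta\ngamma\n", fp) == EOF) { fclose(fp); return -1; }
    rewind(fp);
    if (fgets(first, sizeof first, fp) != NULL &&
        peek_line(fp, peeked, sizeof peeked) == 0 &&
        fgets(again, sizeof again, fp) != NULL)
        same = strcmp(first, "alpha\n") == 0 &&
               strcmp(peeked, "beta\n") == 0 && strcmp(again, "beta\n") == 0;
    fclose(fp);
    return same;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```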

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO44-C | medium | unlikely | medium | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Fortify SCA | V. 5.0 | | can detect violations of this rule ... with CERT C Rule Pack |
| Compass/ROSE | | | can detect common violations of this rule. However, it is unable to handle cases where the value returned by fgetpos() is copied between several variables before being passed to fsetpos() |

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the CERT C++ Secure Coding Standard as FIO44-CPP. Only use values for fsetpos() that are returned from fgetpos().

Bibliography

[ISO/IEC 9899:1999] Section 7.19.9.3, "The fsetpos function"

...
