SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 38

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 39

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Simultaneously opening Opening a file multiple times that is already open has implementation-defined behavior. While some platforms may forbid a file simultaneously being opened multiple times, platforms that allow it may facilitate dangerous race conditions.

Noncompliant Code Example

This noncompliant code example logs the program's state at runtime.

...

However, the file log is opened twice simultaneously. The result is implementation-defined and potentially dangerous.

Implementation Details

On a Linux machine running gcc 4.3.2, this program produces the following output:

...

which does not indicate the order in which data was logged.

Compliant Solution

In this compliant solution, a reference to the file pointer is passed as an argument to functions that need to perform operations on that file. This eliminates the need to open the same file multiple times.

Code Block
bgColor#ccccff
void do_stuff(FILE *logfile) {
  /* Write logs pertaining to do_stuff() */
  fprintf(logfile, "do_stuff\n");

  /* ... */
}

int main(void) {
  FILE *logfile = fopen("log", "a");
  if (logfile == NULL) {
    /* Handle error */
  }

  /* Write logs pertaining to main() */
  fprintf(logfile, "main\n");

  do_stuff(logfile);

  /* ... */
  return 0;
}

Implementation Details

On a Linux machine running gcc 4.3.2, this program produces the following output:

...

which matches the order in which logging occurred.

Risk Assessment

Simultaneously opening a file multiple times can result in abnormal program termination or data integrity violations.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO31-C

medium

probable

high

P4

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as FIO31-CPP. Do not simultaneously open the same file multiple times.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files"
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 362|http://cwe.mitre.org/data/definitions/362.html], "Race Condition," [CWE ID 675|http://cwe.mitre.org/data/definitions/675.html], and "Duplicate Operations on Resource"

...