 
FIO09-C. Be careful with binary data when transferring data across systems
Portability is a concern when using the fread() and fwrite() functions across multiple, heterogeneous systems. In particular, it is never guaranteed that reading or writing scalar types (such as integers), let alone aggregate types (such as arrays or structures), will preserve the representation or value of the data. Implementations may differ in structure padding, floating-point model, number of bits per byte, endianness, and other attributes that cause binary data formats to be incompatible. Because fread() and fwrite() copy the in-memory image of an object byte for byte, a file written this way silently encodes the writing implementation's padding, integer width and byte order, and nothing in the file records which of these were used.
Noncompliant Code Example
This noncompliant code example reads data from a file stream directly into a data structure:

```c
#include <stdio.h>

struct myData {
  char c;
  long l;
};

/* ... */

FILE *file;
struct myData data;

/* Initialize file */

/* There is no way to verify what binary model was used to write the data */
if (fread(&data, sizeof(struct myData), 1, file) != 1) {
  /* Handle error */
}
```

However, the code assumes that the bytes in the file have exactly the in-memory layout of struct myData on this host (its padding between c and l, its sizeof(long) and its endianness). A file produced on a different platform, or by a different compiler on the same platform, may use a different layout, and fread() has no way to detect the mismatch.
Compliant Solution
The best solution is to use either a text representation for the data or a special library that ensures data integrity. This compliant solution stores c on one line and l as decimal text on the next, and validates the conversion of l:

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct myData {
  char c;
  long l;
};

/* ... */

FILE *file;
struct myData data;
char buf[25];
char *end_ptr;

/* Initialize file */

/* First line holds c */
if (fgets(buf, sizeof(buf), file) == NULL) {
  /* Handle error */
}
data.c = buf[0];

/* Second line holds l as decimal text */
if (fgets(buf, sizeof(buf), file) == NULL) {
  /* Handle error */
}

errno = 0;  /* strtol() only sets errno, it never clears it */
data.l = strtol(buf, &end_ptr, 10);
if ((ERANGE == errno)
 || (end_ptr == buf)
 || ('\n' != *end_ptr && '\0' != *end_ptr)) {
  /* Handle error */
}
```
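The compliant solution takes the text route. The other route the text names, a representation whose layout is fixed and checked independently of the host, can be written by hand for a record this small. The following is an added example, not code from the CERT page: it defines a 9-byte wire image for struct myData (1 byte for c, then l as 64-bit big-endian two's complement), so that host padding, sizeof(long) and endianness never reach the file, and it rejects truncated records and values that do not fit this host's long. The function names myData_encode, myData_decode and the helper routines are my own, and the sample record {'A', -123456789L} is constructed for the demonstration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Wire format for struct myData, the same on every host:
 *   byte 0     : c
 *   bytes 1..8 : l as 64-bit two's complement, big-endian
 * Compare with sizeof(struct myData), which includes padding and a
 * host-dependent sizeof(long); the wire size is fixed at 9.
 */
#define MYDATA_WIRE_SIZE 9

struct myData {
  char c;
  long l;
};

/* Encode d into out. Returns bytes written, or 0 if out is too small. */
size_t myData_encode(const struct myData *d, unsigned char *out, size_t out_len) {
  if (out_len < MYDATA_WIRE_SIZE) {
    return 0;
  }
  /* Widen to a 64-bit two's complement image whatever sizeof(long) is;
     conversion of a negative value to uint64_t is defined (mod 2^64). */
  uint64_t v = (uint64_t)(int64_t)d->l;
  out[0] = (unsigned char)d->c;
  for (int i = 0; i < 8; i++) {
    out[1 + i] = (unsigned char)(v >> (8 * (7 - i)));
  }
  return MYDATA_WIRE_SIZE;
}

/* Decode in into d. Returns 1 on success, 0 on a truncated record or a
   value that does not fit this host's long (possible when long is 32 bits). */
int myData_decode(const unsigned char *in, size_t in_len, struct myData *d) {
  if (in_len < MYDATA_WIRE_SIZE) {
    return 0;
  }
  uint64_t v = 0;
  for (int i = 0; i < 8; i++) {
    v = (v << 8) | in[1 + i];
  }
  /* Undo two's complement without an out-of-range signed cast. */
  int64_t sv = (v & UINT64_C(0x8000000000000000))
                   ? -(int64_t)(~v) - 1
                   : (int64_t)v;
  if (sv < LONG_MIN || sv > LONG_MAX) {
    return 0;
  }
  d->c = (char)in[0];
  d->l = (long)sv;
  return 1;
}

/* Round-trip check: encode, decode, compare fields. Returns 1 if equal. */
int myData_roundtrip(char c, long l) {
  struct myData in = { c, l };
  struct myData out = { 0, 0 };
  unsigned char wire[MYDATA_WIRE_SIZE];
  if (myData_encode(&in, wire, sizeof wire) != MYDATA_WIRE_SIZE) return 0;
  if (!myData_decode(wire, sizeof wire, &out)) return 0;
  return out.c == c && out.l == l;
}

/* Inspect byte idx of the wire image of {c, l}; -1 if idx is out of range. */
int myData_wire_byte(char c, long l, size_t idx) {
  struct myData d = { c, l };
  unsigned char wire[MYDATA_WIRE_SIZE];
  if (idx >= MYDATA_WIRE_SIZE) return -1;
  myData_encode(&d, wire, sizeof wire);
  return wire[idx];
}

/* Failure mode: a record one byte short must be rejected, not half-decoded. */
int myData_decode_truncated(void) {
  unsigned char wire[MYDATA_WIRE_SIZE - 1] = { 0 };
  struct myData d;
  return myData_decode(wire, sizeof wire, &d);
}

int main(void) {
  struct myData d = { 'A', -123456789L };  /* constructed sample record */
  unsigned char wire[MYDATA_WIRE_SIZE];
  size_t n = myData_encode(&d, wire, sizeof wire);
  printf("sizeof(struct myData) on this host: %zu, bytes on the wire: %zu\n",
         sizeof(struct myData), n);
  for (size_t i = 0; i < n; i++) printf("%02X ", wire[i]);
  printf("\nround trip ok: %d, truncated record accepted: %d\n",
         myData_roundtrip(d.c, d.l), myData_decode_truncated());
  return 0;
}
```

The record written to the file is the 9-byte image, not the struct, so the reader on any host checks exactly one thing, that 9 bytes arrived, and reconstructs the fields from their defined positions; on an LP64 host the struct itself occupies 16 bytes, 7 of which are padding that a raw fwrite() would have leaked into the file.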
Risk Assessment
Reading binary data that has a different format than expected may result in unintended program behavior.
| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level | 
|---|---|---|---|---|---|---|
| FIO09-C | Medium | Probable | No | No | P4 | L3 | 
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE |  |  | Could flag possible violations of this rule by noting any pointer to |
| LDRA tool suite |  | 44 S | Enhanced Enforcement |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID FIO09-CPP. Be careful with binary data when transferring data across systems | 
Bibliography
...