Page History

...

Incorrectly assuming that character data has been read can result in an out-of-bounds memory write or other flawed logic.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
FIO37-C	High	Probable	Yes	MediumYes	P12P18	L1

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

Supported: Astrée reports defects due to returned (empty) strings.

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-FIO37

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

(general)

Considers the possibility that fgets() and fgetws() may return empty strings (Warnings of various classes may be triggered depending on subsequent operations on those strings. For example, the noncompliant code example cited above would trigger a buffer underrun warning.)

Compass/ROSE

Could detect some violations of this rule (In particular, it could detect the noncompliant code example by searching for fgets(), followed by strlen() - 1, which could be −1. The crux of this rule is that a string returned by fgets() could still be empty, because the first char is '\0'. There are probably other code examples that violate this guideline; they would need to be enumerated before ROSE could detect them.)

Cppcheck Premium

Include Page