SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 142

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

A call to the fopen() or freopen() function must be matched with a call to fclose() before the lifetime of the last pointer object that stores the return value of the call has ended.

Standard FILE objects and their underlying representation (file descriptors on POSIX platforms or handles elsewhere) are a finite resource that must be carefully managed. The number of files that an implementation guarantees may be open simultaneously is bounded by the FOPEN_MAX macro defined in <stdio.h>. The value of the macro is guaranteed to be at least 8. Consequently, portable programs must either avoid keeping more than FOPEN_MAX files at the same time or be prepared for functions such as fopen() to fail due to resource exhaustion.

...

The behavior of a program is undefined when it uses the value of a pointer to a FILE object after the associated file is closed (see undefined behavior 148153.) Programs that close the standard streams (especially stdout but also stderr and stdin) must be careful not to use the stream objects in subsequent function calls, particularly those that implicitly operate on such objects (such as printf(), perror(), and getc()).

...

Failing to properly close files may allow unintended access to, or exhaustion of, system resources.

Rule

Severity

Likelihood

Detectable

Remediation Cost

Repairable

Priority

Level

FIO22-C

Medium

Unlikely

No

Medium

No

P4

P2

L3

Automated Detection

Tool

Version

Checker

Description

Compass/ROSE
   

Fortify SCA

5.0

 Can detect violations of this rule with CERT C Rule Pack



Klocwork
Include Page
Klocwork_V
Klocwork_V

RH.LEAK

 


LDRA tool suite
Include Page
LDRA_V
LDRA_V

49 D

Fully implemented
Partially implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-FIO22-a

Ensure resources are freed

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding StandardWIN03-C. Understand HANDLE inheritance 
SEI CERT C++
Secure
Coding Standard
FIO42
FIO51-CPP.
Ensure
Close files
are properly closed
when they are no longer needed
CERT Oracle Secure Coding Standard for JavaFIO04-J. Release resources when they are no longer needed
ISO/IEC TS 17961
Failing to close files or free dynamic memory when they are no longer needed [fileclose]
MITRE CWECWE-403, UNIX file descriptor leak
CWE-404, Improper resource shutdown or release
CWE-770, Allocation of resources without limits or throttling

Bibliography

[Dowd 2006]Chapter 10, "UNIX Processes" ("File Descriptor Leaks," pp. 582–587)
[IEEE Std 1003.1:2013]XSH, System Interfaces, open
[MSDN]Inheritance (Windows)
[NAI 1998]
 

 



...

Image Modified Image Modified Image Modified