SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 19

changes.mady.by.user Alex Volkovitsky

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

If either of the C Standard fgets() or fgetws() functions fail, the contents of the array being written is indeterminate. (See undefined behavior 175.)  It is necessary to reset the string to a known value to avoid errors on subsequent string manipulation functions.

Noncompliant Code Example

In this noncompliant code

Wiki Markup
According to C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\], if the {{fgets()}} function fails, the contents of the array it was writing to are undefined. As a result it is necessary to reset the string to a known value to avoid possible errors on subsequent string manipulation functions.

Non-Compliant Code Example

In this example, an error flag is set upon if fgets() failure fails. However, buf is not reset , and will have unknown contents.has indeterminate contents:

Code Block
bgColor#ffcccc
langc
#include <stdio.h>
 
enum { BUFFERSIZEBUFFER_SIZE = 1024 };
void func(FILE *file) {
  char buf[BUFFERSIZEBUFFER_SIZE];
FILE *file;
/* Initialize file */

if (fgets(buf, sizeof(buf), file) == NULL) {
    /* setSet error flag and continue */
}
printf("Read in: %s\n", buf);
 }
}

Compliant Solution

In this compliant solution, buf is set to an empty string if fgets() fails. The equivalent solution for fgetws() would set buf to an empty wide string.

Code Block
bgColor#ccccff
langc
#include <stdio.h>
 
enum { BUFFERSIZEBUFFER_SIZE = 1024 };

char buf[BUFFERSIZE];
void func(FILE *file;) {
/* Initialize file */char buf[BUFFER_SIZE];

  if (fgets(buf, sizeof(buf), file) == NULL) {
    /* setSet error flag and continue */
    *buf = '\0';
}
printf("Read in: %s\n", buf);
  }
}

Exceptions

FIO40-C-EX1: If the string goes out of scope immediately following the call to fgets() or fgetws() or is not referenced in the case of a failure, it need not be reset.

Risk Assessment

Making invalid assumptions about the contents of the an array set modified by fgets on failure could lead to undefined behavior, possibly resulting in () or fgetws() can result in undefined behavior 175 and abnormal program termination.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

FIO40-C

Low

Probable

Yes

Yes

P6

L2

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.MEM.UVAR

Uninitialized Variable
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-fio40-c
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4861, DF4862, DF4863


LDRA tool suite
Include Page
LDRA_V
LDRA_V
44 SEnhanced enforcement
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C

low

unlikely

medium

P2

L3

-FIO40-a

Reset strings on fgets() or fgetws() failure

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule FIO40-CChecks for use of indeterminate string (rule partially covered)
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V1024

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.7.2, "The {{fgets}} function"

...

FIO39-C. Do not read in from a stream directly following output to that stream      09. Input Output (FIO)       FIO41-C. Do not call getc() or putc() with stream arguments that have side effectsImage Added Image Added Image Added