 
Portability is a concern when using the fread() and fwrite() functions across multiple, heterogeneous systems. In particular, it is never guaranteed that reading or writing of scalar data types such as integers, let alone aggregate types such as arrays or structures, will preserve the representation or value of the data. Implementations may differ in structure padding, floating-point model, number of bits per byte, endianness, and other attributes that cause binary data formats to be incompatible. Consequently, a structure written with fwrite() can be relied on to read back correctly only on the same implementation that wrote it.
Noncompliant Code Example
This noncompliant code example reads data from a file stream directly into a data structure:
```c
#include <stdio.h>

struct myData {
  char c;
  long l;
};

/* ... */

FILE *file;
struct myData data;

/* Initialize file */

/* fread() returns the number of complete items read, not a byte count */
if (fread(&data, sizeof(struct myData), 1, file) != 1) {
  /* Handle error */
}
```
However, this code assumes that the file was written with the same layout of struct myData (overall size, alignment and padding between the fields, and the width and byte order of long) that the reading platform uses. A file produced on another platform, or even by the same source built with a different compiler or options, may be read back with different values without fread() reporting any error.
Compliant Solution
The best solution is to use either a text representation or a special library that ensures the integrity of the data. The following compliant solution stores each field on its own line in text form and validates the conversion of the numeric field back to a long:
```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct myData {
  char c;
  long l;
};

/* ... */

FILE *file;
struct myData data;
char buf[25];
char *end_ptr;

/* Initialize file */

/* First line holds the character; note that fgets() with a size of 1 would read nothing */
if (fgets(buf, sizeof(buf), file) == NULL) {
  /* Handle error */
}

data.c = buf[0];

/* Second line holds the decimal representation of the long */
if (fgets(buf, sizeof(buf), file) == NULL) {
  /* Handle error */
}

errno = 0;  /* strtol() sets errno only on overflow; clear any stale value first */
data.l = strtol(buf, &end_ptr, 10);

if ((ERANGE == errno)
 || (end_ptr == buf)
 || ('\n' != *end_ptr && '\0' != *end_ptr)) {
  /* Handle error */
}
```
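The following program is an added example, not code from the CERT page. It shows both portable routes the text describes for struct myData: the line-oriented text form of the compliant solution, with the fgets()/strtol() checks carried through, and an explicit fixed-width byte encoding (one byte for c, eight bytes big-endian two's complement for l) of the kind a serialization library would produce. The function names, the wire layout and the constructed inputs are this example's own assumptions; decoding rejects, rather than truncates, a value that does not fit the host's long.

```c
/*
 * Added example (not from the CERT page): two portable ways to move
 * struct myData between systems. Function names and the wire layout
 * are assumptions made for this example.
 */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

struct myData {
  char c;
  long l;
};

/* Text representation: "<c>\n<decimal l>\n". Returns 0 on success, -1 on error. */
int write_text(FILE *out, const struct myData *d) {
  return fprintf(out, "%c\n%ld\n", d->c, d->l) < 0 ? -1 : 0;
}

int read_text(FILE *in, struct myData *d) {
  char buf[32];   /* LONG_MIN needs 20 characters plus '\n' and '\0' */
  char *end_ptr;
  long v;

  if (fgets(buf, sizeof buf, in) == NULL) return -1;
  /* Require exactly one character followed by end of line */
  if (buf[0] == '\n' || buf[0] == '\0' || (buf[1] != '\n' && buf[1] != '\0')) return -1;
  d->c = buf[0];

  if (fgets(buf, sizeof buf, in) == NULL) return -1;
  errno = 0;      /* strtol() only sets errno on overflow */
  v = strtol(buf, &end_ptr, 10);
  if (errno == ERANGE || end_ptr == buf || (*end_ptr != '\n' && *end_ptr != '\0')) return -1;
  d->l = v;
  return 0;
}

/* Explicit wire format: byte 0 is c, bytes 1..8 are l as big-endian two's
 * complement. Host padding, endianness and sizeof(long) never reach the file. */
enum { WIRE_SIZE = 9 };

void encode_wire(const struct myData *d, unsigned char out[WIRE_SIZE]) {
  unsigned long long u = (unsigned long long)d->l;  /* wraps modulo 2^64: well defined */
  int i;
  out[0] = (unsigned char)d->c;
  for (i = 0; i < 8; i++) out[1 + i] = (unsigned char)(u >> (8 * (7 - i)));
}

int decode_wire(const unsigned char in[WIRE_SIZE], struct myData *d) {
  unsigned long long u = 0;
  long long s;
  int i;
  for (i = 0; i < 8; i++) u = (u << 8) | in[1 + i];
  /* Sign-extend by hand: converting an out-of-range value to long long is implementation-defined */
  s = (u & (1ULL << 63)) ? -(long long)(~u) - 1 : (long long)u;
  if (s < LONG_MIN || s > LONG_MAX) return -1;  /* does not fit this host's long: reject */
  d->c = (char)in[0];
  d->l = (long)s;
  return 0;
}

/* Round-trips a value through the text form in a temporary file; 1 if preserved. */
int text_roundtrip_ok(char c, long l) {
  struct myData in = { c, l }, out = { 0, 0 };
  FILE *f = tmpfile();
  int ok;
  if (f == NULL) return 0;
  ok = write_text(f, &in) == 0 && fseek(f, 0L, SEEK_SET) == 0 &&
       read_text(f, &out) == 0 && out.c == in.c && out.l == in.l;
  fclose(f);
  return ok;
}

/* Feeds constructed file contents to read_text(); 1 if they are accepted. */
int text_parse_ok(const char *contents) {
  struct myData out = { 0, 0 };
  FILE *f = tmpfile();
  int ok;
  if (f == NULL) return 0;
  ok = fputs(contents, f) >= 0 && fseek(f, 0L, SEEK_SET) == 0 && read_text(f, &out) == 0;
  fclose(f);
  return ok;
}

/* Round-trips a value through the byte encoding; 1 if preserved. */
int wire_roundtrip_ok(char c, long l) {
  struct myData in = { c, l }, out = { 0, 0 };
  unsigned char buf[WIRE_SIZE];
  encode_wire(&in, buf);
  return decode_wire(buf, &out) == 0 && out.c == in.c && out.l == in.l;
}

/* Returns byte idx of the encoding, so the layout can be inspected. */
int wire_byte(char c, long l, int idx) {
  struct myData d = { c, l };
  unsigned char buf[WIRE_SIZE];
  encode_wire(&d, buf);
  return (idx >= 0 && idx < WIRE_SIZE) ? buf[idx] : -1;
}

int main(void) {
  printf("text round trip:         %s\n", text_roundtrip_ok('A', LONG_MAX) ? "ok" : "FAILED");
  printf("wire round trip:         %s\n", wire_roundtrip_ok('B', LONG_MIN) ? "ok" : "FAILED");
  printf("malformed text rejected: %s\n", text_parse_ok("A\n12x\n") ? "FAILED" : "ok");
  return 0;
}
```

The text form inherits the compliant solution's limitation that c must not itself be a newline; the byte form has no such restriction and is also the cheaper choice when the file must stay binary. Either way the reader validates what it parsed instead of trusting sizeof(struct myData).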
Risk Assessment
Reading binary data that has a different format than expected may result in unintended program behavior.
| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| FIO09-C | Medium | Probable | No | No | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE | | | Could flag possible violations of this rule by noting any pointer to |
| LDRA tool suite | | 44 S | Enhanced Enforcement |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[Summit 95]
C-FAQ, Question 20.5, http://c-faq.com/misc/binaryfiles.html
Related Guidelines
| SEI CERT C++ Coding Standard | VOID FIO09-CPP. Be careful with binary data when transferring data across systems |
|---|---|