
The C Standard, Section subclause 7.21.8.2 2 [ISO/IEC 9899:2011], defines the fwrite()
function as follows:
...
Code Block | ||||
---|---|---|---|---|
| ||||
#include <stdio.h> #include <stdlib.h> char *buffer = NULL; size_t size1; size_t size2; FILE *filedes; /* * Assume size1 and size2 are appropriately initialized */ filedes = fopen("out.txt", "w+"); if (filedes == NULL) { /* Handle error */ } buffer = (char *)calloc( 1, size1); if (buffer == NULL) { /* Handle error */ } fwrite(buffer, 1, size2, filedes); free(buffer); buffer = NULL; fclose(filedes); |
...
Code Block | ||||
---|---|---|---|---|
| ||||
#include <stdio.h> #include <stdlib.h> #include <string.h> char *buffer = NULL; size_t size1; size_t size2; FILE *filedes; /* * Assume size1 is appropriately initialized */ filedes = fopen("out.txt", "w+"); if (filedes == NULL){ /* Handle error */ } buffer = (char *)calloc( 1, size1); if (buffer == NULL) { /* Handle error */ } /* * Accept characters in to the buffer. * Check for buffer overflow. */ size2 = strlen(buffer) + 1; fwrite(buffer, 1, size2, filedes); free(buffer); buffer = NULL; fclose(filedes); |
...
Failure to follow the recommendation could result in a non-null-terminated string being written to a file. This , which will create problems when the program tries to read it back as a null-terminated byte string.
Recommendation | Severity | Likelihood |
---|
Detectable | Repairable | Priority | Level |
---|---|---|---|
FIO18-C | Medium | Probable |
Medium
P8
No | No | P4 | L3 |
Automated Detection
Related Guidelines
SEI CERT C++ |
Coding Standard | VOID FIO18-CPP. Never expect write() to terminate the writing process at a null character |
Bibliography
[ISO/IEC 9899:2011] |
Subclause 7.21.8.2, "The fwrite Function" |
[ |
IEEE Std 1003.1:2013] | XSH, System Interfaces, fwrite |
...
...