Page History

If either of the C Standard fgets() or fgetws() function fails functions fail, the contents of the array it was writing to are being written is indeterminate. (See also undefined behavior 170 of Annex J175.) Consequently, it   It is necessary to reset the string to a known value to avoid possible errors on subsequent string manipulation functions.The fgetws() function is similarly affected.

Noncompliant Code Example

In this noncompliant code example, an error flag is set upon if fgets() failure fails. However, buf is not reset and has indeterminate contents:

char buf[BUFSIZ];
#include <stdio.h>
 
enum { BUFFER_SIZE = 1024 };
void func(FILE *file;) {
/* Initialize file */char buf[BUFFER_SIZE];

  if (fgets(buf, sizeof(buf), file) == NULL) {
    /* Set error flag and continue */
  }

However, buf is not reset and has unknown contents.

}

Compliant Solution

In this compliant solution, buf is set to an empty string if fgets() fails. The equivalent solution for fgetws() would set buf to an empty wide string:.

char buf[BUFSIZ];
#include <stdio.h>
 
enum { BUFFER_SIZE = 1024 };

void func(FILE *file;) {
/* Initialize file */char buf[BUFFER_SIZE];

  if (fgets(buf, sizeof(buf), file) == NULL) {
    /* Set error flag and continue */
    *buf = '\0';
  }
}

Exceptions

FIO40-C-EX1: If the string goes out of scope immediately following the call to fgets() or fgetws() or is not referenced in the case of a failure, it need not be reset.

Risk Assessment

Making invalid assumptions about the contents of an array modified by fgets() or fgetws() can result in undefined behavior and 175 and abnormal program termination.

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

.

...

...

Image Modified Image Modified Image Modified