Opening a file that is already open has implementation-defined behavior, according to the C Standard, 7.21.3, paragraph 8 [ISO/IEC 9899:2011]:

Functions that open additional (nontemporary) files require a file name, which is a string. The rules for composing valid file names are implementation-defined. Whether the same file can be simultaneously open multiple times is also implementation-defined.

Some implementations do not allow multiple copies of the same file to be open at the same time. Consequently, portable code cannot depend on what will happen if this rule is violated. Even on implementations that do not outright fail to open an already-opened file, a TOCTOU (time-of-check, time-of-use) race condition exists in which the second open could operate on a different file from the first due to the file being moved or deleted (see FIO45-C. Avoid TOCTOU race conditions while accessing files for more details on TOCTOU race conditions).

Noncompliant Code Example

This noncompliant code example logs the program's state at runtime:

#include <stdio.h>

void do_stuff(void) {
  FILE *logfile = fopen("log", "a");
  if (logfile == NULL) {
    /* Handle error */
  }

  /* Write logs pertaining to do_stuff() */
  fprintf(logfile, "do_stuff\n");
}

int main(void) {
  FILE *logfile = fopen("log", "a");
  if (logfile == NULL) {
    /* Handle error */
  }

  /* Write logs pertaining to main() */
  fprintf(logfile, "main\n");

  do_stuff();

  if (fclose(logfile) == EOF) {
    /* Handle error */
  }
  return 0;
}

Because the file log is opened twice (once in main() and again in do_stuff()), this program has implementation-defined behavior.

Compliant Solution

In this compliant solution, a reference to the file pointer is passed as an argument to functions that need to perform operations on that file. This reference eliminates the need to open the same file multiple times.

#include <stdio.h>
 
void do_stuff(FILE **file) {
  FILE *logfile = *file;

  /* Write logs pertaining to do_stuff() */
  fprintf(logfile, "do_stuff\n");
}

int main(void) {
  FILE * logfile = fopen("log", "a");
  if (logfile == NULL) {
    /* Handle error */
  }

  /* Write logs pertaining to main() */
  fprintf(logfile, "main\n");

  do_stuff(&logfile);
 
  if (fclose(logfile) == EOF) {
    /* Handle error */
  }
  return 0;
}
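
When it is not obvious from the source that two code paths name the same file, a runtime guard can make a second open fail everywhere, as it already does on implementations that forbid it. The following is an added example, not part of the CERT guideline: it assumes a POSIX system (fstat(), fileno()), and tracked_fopen(), tracked_fclose(), open_files and MAX_TRACKED are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L  /* Assumption: POSIX fileno() and fstat() */
#include <stdio.h>
#include <sys/stat.h>

#define MAX_TRACKED 16           /* Hypothetical limit on tracked streams */

/* Identity (device, inode) of each stream opened through tracked_fopen() */
static struct { FILE *fp; dev_t dev; ino_t ino; } open_files[MAX_TRACKED];

/*
 * Open path unless the file it names is already open through this wrapper.
 * Identity comes from the new descriptor via fstat(), not from the name, so
 * aliases such as "./log" are caught and no check-then-open window exists.
 * Returns NULL on error, on a duplicate open, or when the table is full.
 */
FILE *tracked_fopen(const char *path, const char *mode) {
  FILE *fp = fopen(path, mode);
  struct stat st;
  int slot = -1;

  if (fp == NULL || fstat(fileno(fp), &st) != 0) {
    if (fp != NULL) fclose(fp);
    return NULL;
  }
  for (int i = 0; i < MAX_TRACKED; i++) {
    if (open_files[i].fp == NULL) {
      if (slot < 0) slot = i;          /* Remember the first free slot */
    } else if (open_files[i].dev == st.st_dev &&
               open_files[i].ino == st.st_ino) {
      slot = -1;                       /* Same file is already open */
      break;
    }
  }
  if (slot < 0) {                      /* Duplicate or table full: refuse */
    fclose(fp);
    return NULL;
  }
  open_files[slot].fp = fp;
  open_files[slot].dev = st.st_dev;
  open_files[slot].ino = st.st_ino;
  return fp;
}

/* Close a tracked stream and forget its identity */
int tracked_fclose(FILE *fp) {
  for (int i = 0; i < MAX_TRACKED; i++) {
    if (open_files[i].fp == fp) { open_files[i].fp = NULL; break; }
  }
  return fclose(fp);
}
```

Because identity is checked after fopen() succeeds, a duplicate open in a truncating mode such as "w" has already truncated the file by the time it is refused, so this guard suits development and test builds rather than replacing the compliant design.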

Risk Assessment

Simultaneously opening a file multiple times can result in unexpected errors and nonportable behavior.

| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| FIO24-C | Medium | Probable | No | No | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | IO.RACE | File system race condition |
| | | (customization) | Users can implement a custom check that triggers a warning if a file-opening function is called on a file that is already open |
| | | IO.BRAW | File Open for Both Read and Write |
| LDRA tool suite | | 75 D | Partially implemented |
| Parasoft C/C++test | | CERT_C-FIO24-a | Avoid race conditions while accessing files |
| Polyspace Bug Finder | | CERT C: Rec. FIO24-C | Checks for situations where previously opened resources are reopened (rec. fully covered) |

Related Guidelines

Bibliography

[ISO/IEC 9899:2011] Subclause 7.21.3, "Files"

