 
                            According to the C Standard, 7.2123.3, paragraph 6 [ISO/IEC 9899:20112024],
The address of the
FILEobject used to control a stream may be significant; a copy of aFILEobject need is not required to serve in place of the original.
...
Using a copy of a FILE object in place of the original may result in a crash, which can be used in a denial-of-service attack.
| Rule | Severity | Likelihood | Detectable | 
|---|
| Repairable | Priority | Level | |
|---|---|---|---|
| FIO38-C | Low | Probable | Yes | 
| No | P4 | L3 | 
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée | 
 | file-dereference | Partially checked | ||||||
| Axivion Bauhaus Suite | 
 | CertC-FIO38 | Fully implemented | ||||||
| Clang | 
 | misc-non-copyable-objects | Checked with clang-tidy | ||||||
| Compass/ROSE | 
| Can detect simple violations of this rule | |||||||||
| Coverity | 
 | MISRA C 2012 Rule 22.5 | Partially implemented | ||||||
| Cppcheck Premium | 
 | premium-cert-fio38-c | |||||||
| Helix QAC | 
 | C1485, C5028 C++3113, C++3114 | |||||||
| Klocwork | 
 | MISRA.FILE_PTR.DEREF.2012 | |||||||
| LDRA tool suite | 
 | 591 S | Fully implemented | 
| Parasoft C/C++test | 
 | 
| 
 | 
| 
 | 
file-dereference
| CERT_C-FIO38-a | A pointer to a FILE object shall not be dereferenced | ||||||||
| PC-lint Plus | 
 | 9047 | Partially supported: reports when a FILE pointer is dereferenced | ||||||
| 
 | CERT C: Rule FIO38-C | Checks for misuse of a FILE object (rule fully covered) | |||||||
| RuleChecker | 
 | file-dereference | Partially checked | 
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
| Taxonomy | Taxonomy item | Relationship | 
|---|---|---|
| ISO/IEC TS 17961:2013 | Copying a FILEobject [filecpy] | Prior to 2018-01-12: CERT: Unspecified Relationship | 
Bibliography
...
...