...
Because the file log is opened twice (once in main() and again in do_stuff()), this program has implementation-defined behavior.
Compliant Solution
In this compliant solution, a reference to the file pointer is passed as an argument to functions that need to perform operations on that file. This reference eliminates the need to open the same file multiple times.
...
Simultaneously opening a file multiple times can result in unexpected errors and nonportable behavior.
Rule | Severity | Likelihood |
|---|
Detectable | Repairable | Priority | Level |
|---|
FIO24-C | Medium | Probable | No |
No | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| IO.RACE IO.BRAW | File |
system race condition |
File Open for Both Read and Write | ||||||||
| LDRA tool suite |
| 75 D |
Fully implemented
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Partially implemented | |||||||||
| Parasoft C/C++test |
| CERT_C-FIO24-a | Avoid race conditions while accessing files | ||||||
| CERT C: Rec. FIO24-C | Checks for situations where previously opened resources are reopened (rec. fully covered) |
Related Guidelines
| CERT C Secure |
| Coding Standard | FIO45-C. Avoid TOCTOU race conditions while accessing files |
| SEI CERT C++ Coding Standard | VOID FIO21-CPP. Do not simultaneously open the same file multiple times |
| MITRE CWE | CWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition") CWE-675, Duplicate Operations on Resource |
Bibliography
| [ISO/IEC 9899:2011] | Subclause 7.21.3, "Files" |
...