...
Failing to properly close files may allow an attacker to exhaust system resources and can increase the risk that data written into in-memory file buffers will not be flushed in the event of abnormal program termination.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
FIO42-C | Medium | Unlikely | No | NoMedium | P4P2 | L3 |
Automated Detection
This rule is stricter than rule [fileclose] in ISO/IEC TS 17961:2013. Analyzers that conform to the technical standard may not detect all violations of this rule.
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| Supported, but no explicit checker | |||||||
| CodeSonar |
| ALLOC.LEAK | Leak | ||||||
| Compass/ROSE | |||||||||
| Coverity |
| RESOURCE_LEAK (partial) | Partially implemented | ||||||
| Cppcheck |
| resourceLeak | |||||||
| Cppcheck Premium |
| resourceLeak | |||||||
| Helix QAC |
| DF2701, DF2702, DF2703 | |||||||
| Klocwork |
| RH.LEAK | |||||||
| LDRA tool suite |
| 49 D | Partially implemented | ||||||
| Parasoft C/C++test |
| CERT_C-FIO42-a | Ensure resources are freed | ||||||
| PC-lint Plus |
| 429 | Partially supported | ||||||
| Polyspace Bug Finder |
| CERT C: Rule FIO42-C | Checks for resource leak (rule partially covered) | ||||||
| Security Reviewer - Static Reviewer |
| C80 | Fully implemented | ||||||
| SonarQube C/C++ Plugin |
| S2095 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...