SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 77

changes.mady.by.user Michal Rozenau

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

According to the C Standard, 7.2123.3, paragraph 6 [ISO/IEC 9899:20112024],

The address of the FILE object used to control a stream may be significant; a copy of a FILE object need is not required to serve in place of the original.

...

Using a copy of a FILE object in place of the original may result in a crash, which can be used in a denial-of-service attack.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

FIO38-C

Low

Probable

Yes

MediumNo

P4

L3

Automated Detection

Partially checkedMisuse 5013
ToolVersionCheckerDescription
Astrée
Include Page
Astrée_V
Astrée_V
file-dereferencePartially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-FIO38Fully implemented
Clang
Include Page
Clang_38_V
Clang_38_V
misc-non-copyable-objectsChecked with clang-tidy
Compass/ROSE

Can detect simple violations of this rule

Coverity
Include Page
Coverity_V
Coverity_V

MISRA C 2012 Rule 22.5

Partially implemented
Cppcheck Premium
Include Page
Cppcheck Premium_V
Cppcheck Premium_V


premium-cert-fio38-c


Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C1485, C5028

C++3113, C++3114


KlocworkLDRA tool suite
Include Page
LDRAKlocwork_VLDRA
Klocwork_V

591 S

Fully implementedRuleChecker
Include Page
RuleChecker_VRuleChecker_V

file-dereference

MISRA.FILE_PTR.DEREF.2012
MISRA.FILE_PTR.DEREF.CAST.2012
MISRA.FILE_PTR.DEREF.INDIRECT.2012
MISRA.FILE_PTR.DEREF.RETURN.2012


LDRA tool suite
Include Page
LDRA_V
LDRA_V

591 S

Fully implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-FIO38-a

A pointer to a FILE object shall not be dereferenced
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

9047

Partially supported: reports when a FILE pointer is dereferenced

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule FIO38-CChecks for misuse of a FILE object Use of copy of FILE objectPRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_Vcplusplus:PRQA QA-C++_V(rule fully covered)
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

file-dereference

Partially checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Bibliography

[ISO/IEC 9899:20112024]7.2123.3, "Files"


...