...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
void func(const char *file_name) {
FILE *fptr;
int c = getc(fptr = fopen(file_name, "r"));
if (feof(stdinfptr) || ferror(stdinfptr)) {
/* Handle error */
}
if (fclose(fptr) == EOF) {
/* Handle error */
}
} |
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
void func(const char *file_name) {
FILE *fptr = NULL;
int c = 'a';
while (c <= 'z') {
if (putc(c++, fptr ? fptr :
(fptr = fopen(file_name, "w"))) == EOF) {
/* Handle error */
}
}
if (fclose(fptr) == EOF) {
/* Handle error */
}
} |
This noncompliant code example might appear safe even if the putc() macro evaluates its stream argument multiple times, as the ternary conditional expression ostensibly prevents multiple calls to fopen(). However, the assignment to fptr and the evaluation of fptr as the controlling expression of the ternary conditional expression can take place between the same sequence points, resulting in undefined behavior 34 (a violation of EXP30-C. Do not depend on the order of evaluation for side effects). This code also violates ERR33-C. Detect and handle standard library errors because it fails to check the return value from fopen().
...
NOTE: The output of this compliant solution differs depending on the character set. For example, when run on a machine using an ASCII-derived code set such as ISO-8859 or Unicode, this solution will print the out the 26 lowercase letters of the English alphabet. However, if run with an EBCDIC-based code set, such as Codepage 037 or Codepage 285, punctuation marks or symbols may be output between the letters.
...
Using an expression that has side effects as the stream argument to getc(), putc(), or getwc() can result in unexpected behavior and abnormal program termination.
Rule | Severity | Likelihood |
|---|
Detectable | Repairable | Priority | Level |
|---|---|---|---|
FIO41-C | Low | Unlikely | Yes |
Yes |
P3 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| stream-argument-with-side-effects | Fully checked | ||||||
| Axivion Bauhaus Suite |
| CertC-FIO41 | |||||||
| Cppcheck Premium |
| premium-cert-fio41-c | |||||||
| Helix QAC |
| C5036 C++3225, C++3229 | |||||||
| LDRA tool suite |
| 35 D, 1 Q, 9 S, | Fully implemented | ||||||
| Parasoft C/C++test |
| CERT_C-FIO41-a | Do not call 'getc()', 'putc()', 'getwc()', or 'putwc()' with a stream argument containing assignments, increment or decrement operators Do not call 'getc()', 'putc()', 'getwc()', or 'putwc()' with a stream argument containing function calls or function-like macro calls | |||||||
| CERT C: Rule FIO41-C | Checks for stream arguments with possibly unintended side effects (rule fully covered) | |||||||
| RuleChecker |
| stream-argument-with-side-effects | Fully checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C Secure Coding Standard | FIO24-C. Do not open a file that is already open | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT C Secure Coding Standard | EXP30-C. Do not depend on the order of evaluation for side effects |
...
| Prior to 2018-01-12: CERT: Unspecified Relationship |
...