Page History

...

In this compliant solution, fseek() is called between the output and input, eliminating the the undefined behavior 156:

Code Block

bgColor	#ccccff
lang	c

#include <stdio.h>
 
enum { BUFFERSIZE = 32 };
extern void initialize_data(char *data, size_t size);
 
void func(const char *file_name) {
  char data[BUFFERSIZE];
  char append_data[BUFFERSIZE];
  FILE *file;

  file = fopen(file_name, "a+");
  if (file == NULL) {
    /* Handle error */
  }

  initialize_data(append_data, BUFFERSIZE);
  if (fwrite(append_data, BUFFERSIZE, 1, file) != BUFFERSIZE) {
    /* Handle error */
  }

  if (fseek(file, 0L, SEEK_SET) != 0) {
    /* Handle error */
  }

  if (fread(data, BUFFERSIZE, 1, file) != 0) {
    /* Handle there not being data */
  }

  if (fclose(file) == EOF) {
    /* Handle error */
  }
}

...

Alternately inputting and outputting from a stream without an intervening flush or positioning call is undefined behavior 156.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
FIO39-C	Low	Likely	Yes	MediumNo	P6	L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

Supported, but no explicit checker

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-FIO39

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

IO.IOWOP
IO.OIWOP

Input After Output Without Positioning
Output After Input Without Positioning

Compass/ROSE

Can detect simple violations of this rule

Cppcheck

Include Page

	Cppcheck_V
	Cppcheck_V

IOWithoutPositioningFully implemented

Cppcheck Premium

Include Page

	Cppcheck Premium_V
	Cppcheck Premium_V

IOWithoutPositioning

Fully implemented

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

DF4711, DF4712, DF4713

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

CERT.FIO.NO_FLUSH

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

84 D

Fully implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-FIO39-a

Do not alternately input and output from a stream without an intervening flush or positioning call

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

2478, 2479

Fully supported

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rule FIO39-C

Checks for alternating input and output from a stream without flush or positioning call (rule fully covered)

Security Reviewer - Static Reviewer

Include Page

	Security Reviewer - Static Reviewer_V
	Security Reviewer - Static Reviewer_V

C17
C77
C78
C79
C80

Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CWE-664 = Union( FIO39-C, list) where list =

Improper use of an object (besides alternating reading/writing a file stream without an intervening flush

This CWE is vague on what constitutes “improper control of a resource”. It could include any violation of an object’s method constraints (whether they are documented or not). Or it could be narrowly interpreted to mean object creation and object destruction (which are covered by other CWEs).

...

Space shortcuts

Page tree

Versions Compared

Old Version 94

New Version Current

Key

Automated Detection

Related Vulnerabilities