SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 95

changes.mady.by.user Michal Rozenau

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Code Block
bgColor#ffcccc
langc
#include <stdio.h>
 
void func(const char *file_name) {
  FILE *fptr;

  int c = getc(fptr = fopen(file_name, "r"));
  if (feof(stdinfptr) || ferror(stdinfptr)) {
    /* Handle error */
  }

  if (fclose(fptr) == EOF) {
    /* Handle error */
  }
}

...

This noncompliant code example might appear safe even if the putc() macro evaluates its stream argument multiple times, as the ternary conditional expression ostensibly prevents multiple calls to fopen(). However, the assignment to fptr and the evaluation of fptr as the controlling expression of the ternary conditional expression can take place between the same sequence points, resulting in undefined behavior 34 (a violation of EXP30-C. Do not depend on the order of evaluation for side effects). This code also violates ERR33-C. Detect and handle standard library errors because it fails to check the return value from fopen().

...

Using an expression that has side effects as the stream argument to getc(), putc(), or getwc() can result in unexpected behavior and abnormal program termination.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

FIO41-C

Low

Unlikely

Yes

MediumYes

P2P3

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
stream-argument-with-side-effectsFully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-FIO41
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-fio41-c
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5036

C++3225, C++3229


LDRA tool suite
Include Page
LDRA_V
LDRA_V

35 D, 1 Q, 9 S,
30 S, 134 S

Fully implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-FIO41-a
CERT_C-FIO41-b

CERT_C-FIO41-c
CERT_C-FIO41-d
CERT_C-FIO41-eThe value of an expression shall be the same under any order of evaluation that the standard permitsDon't write code that depends on the order of evaluation of function arguments
Don't write code that depends on the order of evaluation of function designator and function arguments
Don't write code that depends on the order of evaluation of expression that involves a function call
A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects
Do not call 'getc()', 'putc()', 'getwc()', or 'putwc()' with a stream argument containing assignments, increment or decrement operators
Do not call 'getc()', 'putc()', 'getwc()', or 'putwc()' with a stream argument containing function calls or function-like macro calls

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

Stream argument

CERT C: Rule FIO41-CChecks for stream arguments with possibly unintended side effects
Stream argument side effects occur more than once PRQA QA-C++4.2 
(rule fully covered)
RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

stream-argument-with-side-effectsFully checked
3225, 3229 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...