...
fread() does not null-terminate the data it reads: it stores exactly the bytes it obtained from the stream and nothing more. If the program then treats the destination buffer as a string (passing it to strlen(), strcpy(), printf("%s") and similar), those functions scan past the bytes fread() actually stored, which is a buffer overrun and can cause abnormal program termination or worse. The same applies in the other direction: input that contains a 0 byte of its own makes the string appear shorter than the data that was read, so the count returned by fread(), not strlen(), must drive any further processing.
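The following is an added example, not code from the CERT page, showing the noncompliant pattern beside a compliant replacement. The fixture stream_from_bytes(), the 16-byte buffer size and the three sample inputs are constructed for the demonstration; it uses tmpfile() from standard C so that real fread() semantics are exercised without any external file.

```c
#include <stdio.h>
#include <string.h>

/* Buffer size used by every demo below (constructed for the example). */
#define BUF_SIZE 16

/* Test fixture: wraps constructed bytes in a FILE* via tmpfile() so the demo
   runs offline and exercises real fread() semantics. Returns NULL on failure. */
static FILE *stream_from_bytes(const void *data, size_t len)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    if (fwrite(data, 1, len, fp) != len || fflush(fp) != 0) {
        fclose(fp);
        return NULL;
    }
    rewind(fp);
    return fp;
}

/* Noncompliant pattern: fread() fills buf, and the caller then assumes buf is a
   string. fread() never writes a terminator, so unless the input happens to
   contain a 0 byte, every byte of buf is non-zero and strlen()/printf("%s")
   would walk past the end of the array (undefined behavior).
   Returns 1 if a 0 byte is present anywhere in buf, 0 otherwise, -1 if the
   fixture could not be created. The check uses memchr() bounded by sizeof buf,
   so the demo itself stays well-defined. */
static int noncompliant_has_terminator(const void *data, size_t len)
{
    char buf[BUF_SIZE];
    FILE *fp = stream_from_bytes(data, len);
    if (fp == NULL)
        return -1;

    memset(buf, 'X', sizeof buf);      /* stand-in for whatever was on the stack */
    (void)fread(buf, 1, sizeof buf, fp);
    fclose(fp);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Compliant: read at most bufsize - 1 bytes, always terminate, and report the
   byte count so callers can tell an embedded 0 byte from the terminator.
   Returns the number of bytes stored, or -1 on a read error or bad argument.
   buf is null-terminated on every return path. */
static long fread_string(FILE *fp, char *buf, size_t bufsize)
{
    if (bufsize == 0)
        return -1;

    size_t n = fread(buf, 1, bufsize - 1, fp);  /* leave room for '\0' */
    if (ferror(fp)) {
        buf[0] = '\0';
        return -1;
    }
    buf[n] = '\0';
    return (long)n;
}

/* Runs the compliant path over constructed bytes; returns bytes stored. */
static long compliant_bytes_stored(const void *data, size_t len)
{
    char buf[BUF_SIZE];
    FILE *fp = stream_from_bytes(data, len);
    if (fp == NULL)
        return -1;
    long n = fread_string(fp, buf, sizeof buf);
    fclose(fp);
    return n;
}

/* Same path, but returns what strlen() sees. This is shorter than the stored
   byte count whenever the input contained a 0 byte of its own, which is why
   the byte count, not strlen(), must drive any further processing. */
static long compliant_strlen(const void *data, size_t len)
{
    char buf[BUF_SIZE];
    FILE *fp = stream_from_bytes(data, len);
    if (fp == NULL)
        return -1;
    if (fread_string(fp, buf, sizeof buf) < 0) {
        fclose(fp);
        return -1;
    }
    fclose(fp);
    return (long)strlen(buf);
}

int main(void)
{
    /* Constructed inputs: plain text, text with an embedded 0 byte, and
       more bytes than the buffer can hold. */
    static const char plain[] = "hello world";              /* 11 bytes */
    static const char embedded[] = "ab\0cd";                /* 5 bytes  */
    static const char oversized[] = "0123456789ABCDEFGHIJ"; /* 20 bytes */

    printf("noncompliant, terminator present: %d\n",
           noncompliant_has_terminator(plain, 11));
    printf("compliant, plain: stored=%ld strlen=%ld\n",
           compliant_bytes_stored(plain, 11), compliant_strlen(plain, 11));
    printf("compliant, embedded NUL: stored=%ld strlen=%ld\n",
           compliant_bytes_stored(embedded, 5), compliant_strlen(embedded, 5));
    printf("compliant, oversized: stored=%ld (buffer holds %d)\n",
           compliant_bytes_stored(oversized, 20), BUF_SIZE - 1);
    return 0;
}
```

The noncompliant path never deliberately calls strlen() on the unterminated buffer, because doing so is undefined behavior; memchr() bounded by the array size shows the same fact safely. Note that with the embedded-NUL input the noncompliant buffer does end up terminated, but only because the data happened to contain a 0 byte, which is exactly the kind of luck this rule says not to rely on.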
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO17-C | Low | Likely | Medium | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description
---|---|---|---
LDRA tool suite | | 44 S | Enhanced enforcement
Polyspace Bug Finder | | Tainted NULL or non-null-terminated string | Argument is from an unsecure source and may be NULL or not NULL-terminated
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID FIO20-CPP. Do not rely on an ending null character when using read() |
Bibliography
[ISO/IEC 9899:2011] | Subclause 7.21.8.1, "The fread Function" |
...
...