...

The fread() function does not explicitly null-terminate the character sequence it reads from an input stream. Operations on the destination buffer could result in overruns, causing abnormal program termination.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO17-C | Low | Likely | Medium | P6 | L2 |
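
The fread() behavior described above, shown as an added C example that is not part of the original page: the first function shows that the byte after the data is left untouched, and the second terminates the buffer using the count fread() returns. The names `sample_stream`, `byte_after_raw_fread`, `read_terminated` and `terminated_length` are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 16

/* Constructed sample input: a temp file holding len bytes, no terminator. */
static FILE *sample_stream(const char *data, size_t len) {
    FILE *fp = tmpfile();
    if (fp != NULL && fwrite(data, 1, len, fp) == len) { rewind(fp); return fp; }
    if (fp != NULL) fclose(fp);
    return NULL;
}

/* Hazard: returns the byte just past what fread() stored. The buffer is
 * pre-filled with 'X', so 'X' means fread() wrote no terminator there. */
int byte_after_raw_fread(const char *data, size_t len) {
    char buf[BUF_SIZE];
    memset(buf, 'X', sizeof buf);
    FILE *fp = sample_stream(data, len);
    if (fp == NULL) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, fp);
    fclose(fp);
    return (unsigned char)buf[n];
}

/* Hypothetical helper: reserve one byte and terminate at the count
 * fread() returns; n <= bufsize - 1, so buf[n] is always in bounds. */
size_t read_terminated(FILE *fp, char *buf, size_t bufsize) {
    if (fp == NULL || buf == NULL || bufsize == 0) return 0;
    size_t n = fread(buf, 1, bufsize - 1, fp);
    buf[n] = '\0';
    return n;
}

/* Returns strlen() of the terminated buffer, or -1 on I/O failure. */
long terminated_length(const char *data, size_t len) {
    char buf[BUF_SIZE];
    memset(buf, 'X', sizeof buf);
    FILE *fp = sample_stream(data, len);
    if (fp == NULL) return -1;
    read_terminated(fp, buf, sizeof buf);
    fclose(fp);
    return (long)strlen(buf);
}

int main(void) {
    printf("byte after raw fread: %c\n", byte_after_raw_fread("hello", 5));
    printf("terminated length: %ld\n", terminated_length("hello", 5));
    return 0;
}
```

Input longer than the buffer is truncated to `BUF_SIZE - 1` bytes, so the terminator always fits.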

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | | 44 S | Enhanced enforcement |
| Polyspace Bug Finder | | Tainted NULL or non-null-terminated string | Argument is from an unsecure source and may be NULL or not NULL-terminated |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Related Guidelines

Bibliography

[ISO/IEC 9899:2011] Subclause 7.21.8.1, "The fread Function"

...


...