Simultaneously opening a file multiple times has implementation-defined behavior. On some platforms, this is not allowed. On others, it might result in race conditions.
Non-Compliant Code Example
The following non-compliant code example logs the program's state at runtime.
```c
#include <stdio.h>

void do_stuff(void) {
  FILE *logfile = fopen("log", "a");
  /* Check for errors, write logs pertaining to
   * do_stuff(), etc. */
}

int main(void) {
  /* Check for errors, write logs pertaining to
   * main(), etc. */
  FILE *logfile = fopen("log", "a");
  do_stuff();
  /* ... */
}
```
However, the file `log` is opened twice simultaneously. The result is implementation-defined and potentially dangerous.
Compliant Solution
In this compliant solution, a reference to the file pointer is passed as an argument to functions that need to perform operations on that file. This eliminates the need to open the same file multiple times.
```c
#include <stdio.h>

void do_stuff(FILE *logfile) {
  /* Check for errors, write logs pertaining to
   * do_stuff, etc. */
}

int main(void) {
  FILE *logfile = fopen("log", "a");
  /* Check for errors, write logs pertaining to
   * main, etc. */
  do_stuff(logfile);
  /* ... */
}
```
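Where the file pointer cannot easily be threaded through every caller, a runtime guard can catch a second simultaneous open. The following is an added example, not part of the original rule text: it assumes a POSIX system (`fileno`, `fstat`), and the names `fopen_unique`, `fclose_unique` and `fio31_demo.log` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* fileno(), fstat() */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>

#define MAX_TRACKED 16

/* (device, inode) identity of every file currently open via fopen_unique(). */
static struct { FILE *fp; dev_t dev; ino_t ino; } tracked[MAX_TRACKED];

/* Like fopen(), but fails with EBUSY when the same underlying file is already
 * open through this wrapper, even if it was reached by a different path name.
 * Intended for "a" and "r" modes: "w" would truncate before the check runs. */
FILE *fopen_unique(const char *path, const char *mode) {
  struct stat st;
  int slot = -1;
  FILE *fp = fopen(path, mode);
  if (fp == NULL) return NULL;
  if (fstat(fileno(fp), &st) != 0) { fclose(fp); return NULL; }
  for (int i = 0; i < MAX_TRACKED; i++) {
    if (tracked[i].fp == NULL) {
      if (slot < 0) slot = i;
    } else if (tracked[i].dev == st.st_dev && tracked[i].ino == st.st_ino) {
      fclose(fp);            /* nothing was written through the duplicate */
      errno = EBUSY;
      return NULL;
    }
  }
  if (slot < 0) { fclose(fp); errno = EMFILE; return NULL; }
  tracked[slot].fp = fp;
  tracked[slot].dev = st.st_dev;
  tracked[slot].ino = st.st_ino;
  return fp;
}

/* Closes the stream and forgets its identity so the file may be reopened. */
int fclose_unique(FILE *fp) {
  for (int i = 0; i < MAX_TRACKED; i++)
    if (tracked[i].fp == fp) tracked[i].fp = NULL;
  return fclose(fp);
}

int main(void) {
  FILE *log1 = fopen_unique("fio31_demo.log", "a");      /* constructed name */
  FILE *log2 = fopen_unique("./fio31_demo.log", "a");    /* same file: NULL */
  printf("first=%s second=%s\n", log1 ? "open" : "NULL", log2 ? "open" : "NULL");
  if (log1) fclose_unique(log1);
  return remove("fio31_demo.log") == 0 ? 0 : 1;
}
```

The guard only sees files opened through the wrapper, so it complements passing the `FILE *` around rather than replacing it.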
Risk Assessment
Simultaneously opening a file multiple times could result in abnormal program termination or a data integrity violation.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO31-C | medium | probable | medium | P8 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[ISO/IEC 9899:1999] Section 7.19.3, "Files"