The C standard defines the fwrite() function as follows
size_t fwrite(const void *restrict ptr, size_t size, size_t nitems, FILE *restrict stream);
The
fwrite()function shall write, from the array pointed to byptr, up tonitemselements whose size is specified bysize, to the stream pointed to bystream. For each object,sizecalls shall be made to thefputc()function, taking the values (in order) from an array of unsigned char exactly overlaying the object. The file-position indicator for the stream (if defined) shall be advanced by the number of bytes successfully written. If an error occurs, the resulting value of the file-position indicator for the stream is unspecified.
The definition does not state that the fwrite() function will stop copying characters into the file if a null character is encountered. Therefore, when writing a C string in to a file using the fwrite() function, always use the size of the buffer string plus 1 (to account for the null character) as the nitems parameter.
Noncompliant Code Example
In the following piece of code, the size of the buffer is stored in size1, but size2 number of characters are written in to the file. If size2 is greater than size1, write() will not stop copying characters at the null character.
#include <stdio.h>
#include <stdlib.h>
int main(){
char *buffer = NULL;
long size1, size2;
FILE *filedes;
/* ...
* Assume size1 and size2 are appropriately initialized
* ...
*/
filedes = fopen("out.txt", "w+");
if (filedes < 0)
return 0;
buffer = (char *)calloc(1, size1);
if (!buffer)
return 0;
fwrite(buffer, sizeof(char), size2, filedes);
free(buffer);
buffer = NULL;
fclose(filedes);
return 0;
}
Compliant Code Example
The following code will ensure that the right number of characters are written in to the file.
#include <stdio.h>
#include <stdlib.h>
int main(){
char *buffer = NULL;
long size1, size2;
FILE *filedes;
/* ...
* Assume size1 and size2 are appropriately initialized
* ...
*/
filedes = fopen("out.txt", "w+");
if (filedes < 0)
return 0;
buffer = (char *)calloc(1, size1);
if (!buffer)
return 0;
/* ...
* Accept characters in to the buffer
* Check for buffer overflow
* ...
*/
size2 = strlen(buffer) + 1;
fwrite(buffer, sizeof(char), size2, filedes);
free(buffer);
buffer = NULL;
fclose(filedes);
return 0;
}
Other Languages
This rule can be found in the C++ Secure Coding Practice as FIO18-CPP. Never expect write() to terminate the writing process at a null character.
References
[1] http://www.opengroup.org/onlinepubs/009695399/functions/fwrite.html