Simultaneously opening a file multiple times has implementation-defined behavior. On some platforms, this is not allowed. On others, it might result in race conditions.
Non-Compliant Coding Example
The following non-compliant code example logs the program's state at runtime.
void do_stuff(void) { FILE *logfile = fopen("log", "a"); /* Check for errors, write logs pertaining to do_stuff(), etc. */ } int main(void) { FILE *logfile = fopen("log", "a"); /* Check for errors, write logs pertaining to main(), etc. */ do_stuff(); /* ... */ }
However, the file log
is opened twice simultaneously. The result is implementation-defined and potentially dangerous.
Compliant Solution
In this compliant solution, a reference to the file pointer is passed around so that the file does not have to be opened twice separately.
void do_stuff(FILE **file) { FILE *logfile = *file; /* Check for errors, write logs pertaining to do_stuff, etc. */ } int main(void) { FILE *logfile = fopen("log", "a"); /* Check for errors, write logs pertaining to main, etc. */ do_stuff(&logfile); /* ... */ }
Risk Assessment
Simultaneously opening a file multiple times could result in abnormal program termination or a data integrity violation.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
FIO31-C |
2 (medium) |
2 (probable) |
2 (medium) |
P8 |
L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[ISO/IEC 9899-1999]] Section 7.19.3, "Files"
09. Input Output (FIO) FIO32-C. Detect and handle file operation errors