
If either the C Standard fgets() or fgetws() function fails, the contents of the array it was writing to cannot be relied on: after a read error they are indeterminate (see undefined behavior 170), and at end-of-file with nothing read the array is left unchanged, holding whatever it contained before the call. In neither case is the array guaranteed to contain a null-terminated string, so it must be reset to a known value before any subsequent string manipulation function operates on it.
Noncompliant Code Example
In this noncompliant code example, an error flag is set upon fgets() failure:
#include <stdio.h>

#define BUFFER_SIZE 1024

void func(FILE *file) {
  char buf[BUFFER_SIZE];
  if (fgets(buf, sizeof(buf), file) == NULL) {
    /* Set error flag and continue */
  }
  /* buf is used from here on, but nothing guarantees it holds a string */
}
However, buf is not reset and has unknown contents, so any later use of it as a string (for example, passing it to strlen() or strcpy()) may read past the end of the array.
Compliant Solution
In this compliant solution, buf is set to an empty string if fgets() fails. The equivalent solution for fgetws() would set buf to an empty wide string with *buf = L'\0';:
#include <stdio.h>

#define BUFFER_SIZE 1024

void func(FILE *file) {
  char buf[BUFFER_SIZE];
  if (fgets(buf, sizeof(buf), file) == NULL) {
    /* Set error flag and continue */
    *buf = '\0'; /* Reset to a known value: the empty string */
  }
}
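The following program is an added, self-contained demonstration of the compliant pattern for both fgets() and fgetws(); it is not code from the CERT page. The wrapper names read_line_safely() and read_wline_safely(), the stream_from() helper, and the sample input text are assumptions made for this illustration; tmpfile() stands in for a real input file so the example runs offline. The empty-stream cases pre-fill the buffer with unterminated 'A' characters to show that, without the reset, a failed read would leave the caller holding something that is not a string.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

#define BUFFER_SIZE 1024

/* Compliant wrapper around fgets(): on failure (EOF or read error) the
 * buffer is reset to the empty string so callers always see a valid,
 * terminated C string. Returns 1 on success, 0 on failure. */
int read_line_safely(FILE *file, char *buf, size_t size) {
  if (buf == NULL || size == 0 || size > (size_t)INT_MAX) return 0;
  if (fgets(buf, (int)size, file) == NULL) {
    *buf = '\0'; /* contents are unreliable here: make them known */
    return 0;
  }
  return 1;
}

/* Wide-character equivalent: reset to the empty wide string on failure. */
int read_wline_safely(FILE *file, wchar_t *buf, size_t count) {
  if (buf == NULL || count == 0 || count > (size_t)INT_MAX) return 0;
  if (fgetws(buf, (int)count, file) == NULL) {
    *buf = L'\0';
    return 0;
  }
  return 1;
}

/* Demo helper (hypothetical): a temporary stream holding constructed text.
 * An empty stream is not written to, so it keeps no byte orientation and
 * remains usable with the wide-character functions. */
static FILE *stream_from(const char *text) {
  FILE *f = tmpfile();
  if (f == NULL) return NULL;
  if (text[0] != '\0' &&
      (fputs(text, f) == EOF || fseek(f, 0L, SEEK_SET) != 0)) {
    fclose(f);
    return NULL;
  }
  return f;
}

/* Reads a constructed two-line stream until fgets() fails at EOF.
 * Returns the number of lines read (2), or -1 if buf is not the empty
 * string after the failed read. strlen(buf) is well defined here only
 * because read_line_safely() reset the buffer. */
int demo_lines_read(void) {
  char buf[BUFFER_SIZE];
  FILE *f = stream_from("first line\nsecond line\n");
  int lines = 0;
  if (f == NULL) return -1;
  while (read_line_safely(f, buf, sizeof buf)) lines++;
  if (strlen(buf) != 0) lines = -1;
  fclose(f);
  return lines;
}

/* buf starts as unterminated 'A's, the read fails on an empty stream,
 * and buf must nevertheless end up a valid empty string. Returns 1 if so. */
int empty_stream_leaves_valid_string(void) {
  char buf[BUFFER_SIZE];
  FILE *f = stream_from("");
  int ok;
  if (f == NULL) return 0;
  memset(buf, 'A', sizeof buf); /* simulate stale, unterminated contents */
  ok = (read_line_safely(f, buf, sizeof buf) == 0) && (buf[0] == '\0');
  fclose(f);
  return ok;
}

/* Same check for fgetws(). */
int empty_stream_leaves_valid_wide_string(void) {
  wchar_t buf[BUFFER_SIZE];
  FILE *f = stream_from("");
  int ok;
  if (f == NULL) return 0;
  wmemset(buf, L'A', BUFFER_SIZE);
  ok = (read_wline_safely(f, buf, BUFFER_SIZE) == 0) && (buf[0] == L'\0');
  fclose(f);
  return ok;
}

int main(void) {
  printf("lines read: %d\n", demo_lines_read());
  printf("narrow buffer valid after EOF: %d\n", empty_stream_leaves_valid_string());
  printf("wide buffer valid after EOF: %d\n", empty_stream_leaves_valid_wide_string());
  return 0;
}
```

The wrappers also reject a size that does not fit the int parameter fgets() and fgetws() take, a check the one-liner in the compliant solution leaves to the caller. The EOF cases are the ones most often missed in practice: nothing about the array looks wrong after the call, because it was simply not written.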
Exceptions
FIO40-EX0: If the string goes out of scope immediately following the call to fgets() or fgetws(), or is not referenced in the case of a failure, it need not be reset.
Risk Assessment
Making invalid assumptions about the contents of an array modified by fgets() or fgetws() can result in undefined behavior, typically an out-of-bounds read by a subsequent string function, and abnormal program termination.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO40-C | Low | Probable | Medium | P4 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines