Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 21 Next »

Input and output are mapped into logical data streams whose properties are more uniform than their various inputs and outputs. Two forms of mapping are supported, one for text streams and one for binary streams [[ISO/IEC 9899-1999]]. They differ in the actual representation of data as well as in the functionality of some C99 functions.

Text streams

Representation

Characters may have to be altered to conform to differing conventions for representing text in the host environment. As a consequence, data read/written to or from a text stream will not necessarily compare equal to the stream's byte content.

The following code opens the file myfile as a text stream:

FILE *file = fopen(file_name, "w");
/* Check for errors */
fputs("\n", file);

Some architectures might model line breaks differently. For example, on Windows, the above code will write two bytes (a carriage return and then a newline) to the file, whereas on *nix systems, it will only write one byte (a newline).

fseek()

When specifying the offset for fseek() on a text stream, it must either be zero, or a value returned by an earlier successful call to the ftell() function (on a stream associated with the same file) with a mode of SEEK_SET.

ungetc()

The ungetc() function causes the file position indicator to be "unspecified" until all pushed back characters are read. Therefore, care must be taken that file-position-related functions are not used while this is true.

Binary streams

Representation

A binary stream is an ordered sequence of characters that can transparently record internal data. As a consequence, data read/written to or from a binary stream will necessarily compare equal to the stream's byte content.

The following code opens the file myfile as a binary stream:

FILE *file = fopen(file_name, "wb");
/* Check for errors */
fputs("\n", file);

Regardless of architecture, this code will write exactly one byte (a newline).

fseek()

According to the C99 standard, a binary stream may be terminated with an unspecified number of null characters and need not meaningfully support fseek() calls with a mode of SEEK_END. Therefore, do not call fseek() on a binary stream with a mode of SEEK_END.

ungetc()

The ungetc() function causes the file position indicator to be decremented by one for each successful call, with the value being indeterminate if it is zero before any call. Therefore, it must never be called on a binary stream where the file position indicator is zero.

Risk Assessment

Failure to understand file stream mappings can result in unexpectedly formatted files.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FIO14-A

1 (low)

2 (probable)

2 (medium)

P4

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[ISO/IEC 9899-1999]] Section 7.19.2, "Streams"


FIO13-A. Take care when using ungetc()      09. Input Output (FIO)       FIO15-A. Do not create temporary files in shared directories

  • No labels