Simultaneously opening a file multiple times has implementation-defined behavior. On some platforms, this is not allowed. On others, it might result in race conditions.
The following non-compliant code example logs the program's state at runtime.
void do_stuff(void) {
FILE *logfile = fopen("log", "a");
/* Check for errors, write logs pertaining to
* do_stuff(), etc. */
}
int main(void) {
/* Check for errors, write logs pertaining to
* main(), etc. */
FILE *logfile = fopen("log", "a");
do_stuff();
/* ... */
}
|
However, the file log is opened twice simultaneously. The result is implementation-defined and potentially dangerous.
In this compliant solution, a reference to the file pointer is passed as an argument to functions that need to perform operations on that file. This eliminates the need to open the same file multiple times.
void do_stuff(FILE *logfile) {
/* Check for errors, write logs pertaining to
* do_stuff, etc. */
}
int main(void) {
FILE *logfile = fopen("log", "a");
/* Check for errors, write logs pertaining to
* main, etc. */
do_stuff(logfile);
/* ... */
}
|
Simultaneously opening a file multiple times could result in abnormal program termination or a data integrity violation.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
FIO31-C |
medium |
probable |
medium |
P8 |
L2 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files" |