According to C99, if the fgets() function fails, the contents of the array it was writing to are undefined. As a result, it is necessary to reset the string to a known value to avoid possible errors in subsequent string manipulation functions.
In this example, an error flag is set upon fgets() failure. However, buf is not reset, and will have unknown contents.
```c
#include <stdio.h>

enum { BUFFERSIZE = 1024 };
char buf[BUFFERSIZE];
FILE *file;
/* Initialize file */

if (fgets(buf, sizeof(buf), file) == NULL) {
  /* set error flag and continue */
}
/* If fgets() failed, buf has unknown contents at this point */
printf("Read in: %s\n", buf);
```
In this compliant solution, buf is set to an error message after fgets() fails.
```c
#include <stdio.h>
#include <string.h>

enum { BUFFERSIZE = 1024 };
char buf[BUFFERSIZE];
FILE *file;
/* Initialize file */

if (fgets(buf, sizeof(buf), file) == NULL) {
  /* set error flag and continue */
  /* Reset buf to a known value so later string functions are safe */
  strcpy(buf, "fgets failed");
}
printf("Read in: %s\n", buf);
```
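One way to centralize the reset shown in the compliant solution, as an added example that is not code from the original rule: a wrapper that clears the buffer on every fgets() failure and uses feof()/ferror() semantics to tell end-of-file from a read error. The names `read_line`, `line_status` and `make_sample_stream`, and the sample input, are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum { BUFFERSIZE = 1024 };

/* Hypothetical status codes for this example. */
typedef enum { LINE_OK, LINE_EOF, LINE_ERROR } line_status;

/* Hypothetical wrapper: after any fgets() failure, buf holds "" instead of
 * whatever the failed call left behind. */
line_status read_line(char *buf, size_t size, FILE *stream) {
  if (buf == NULL || size == 0 || size > INT_MAX || stream == NULL) {
    if (buf != NULL && size > 0) buf[0] = '\0';
    return LINE_ERROR;
  }
  if (fgets(buf, (int)size, stream) == NULL) {
    buf[0] = '\0'; /* reset to a known value before anyone reads buf */
    return ferror(stream) ? LINE_ERROR : LINE_EOF;
  }
  return LINE_OK;
}

/* Constructed sample input: two lines, the second without a newline. */
FILE *make_sample_stream(void) {
  FILE *f = tmpfile();
  if (f == NULL) return NULL;
  if (fputs("first line\nsecond line", f) == EOF) {
    fclose(f);
    return NULL;
  }
  rewind(f);
  return f;
}

int main(void) {
  char buf[BUFFERSIZE];
  line_status st;
  FILE *f = make_sample_stream();
  if (f == NULL) return 1;
  while ((st = read_line(buf, sizeof(buf), f)) == LINE_OK) {
    printf("Read in: %s\n", buf);
  }
  /* buf is "" here, whether the loop ended on EOF or on a read error */
  printf("stopped: %s, buf=\"%s\"\n", st == LINE_EOF ? "EOF" : "error", buf);
  fclose(f);
  return 0;
}
```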
Making assumptions about the contents of the array set by fgets on failure could lead to undefined behavior, possibly resulting in abnormal program termination.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO40-C | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
[ISO/IEC 9899-1999] Section 7.19.7.2, "The fgets function"