Portability is an important issue to keep in mind when using the fread() and fwrite() functions across multiple systems. In particular, it is never guaranteed that reading or writing of simple data structures such as int's, let alone complex structures such as float's or struct's will preserve the representation or value of the data. Different compilers use different amounts of padding, different machines use various floating point models, may use a different number of bits per byte, and there is always the issue of endianness.
struct {
char c;
float f;
} myData;
/* There is no way to verify what binary model was used to write the data */
fread(&myData, sizeof(myData), 1, fd);
|
The best solution is to use either a text representation or a special library which will ensure the integrity of data.
struct {
char c;
float f;
} myData;
if(fscanf(fd, "%c %f\n", &myData.c, &myData.f) != 2) {
/* Handle error */
}
|
Reading binary data that has a different format than expected may result in unintended program behavior.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
FIO00-A. Take care when creating format strings 09. Input Output (FIO) FIO02-A. Canonicalize path names originating from untrusted sources