Simultaneously opening a file multiple times has implementation-defined behavior. While some platforms may forbid a file simultaneously being opened multiple times, platforms that allow it may facilitate dangerous race conditions.
This noncompliant code example logs the program's state at runtime.
void do_stuff(void) {
FILE *logfile = fopen("log", "a");
if (logfile == NULL) {
/* Handle error */
}
/* Write logs pertaining to do_stuff() */
/* ... */
}
int main(void) {
FILE *logfile = fopen("log", "a");
if (logfile == NULL) {
/* Handle error */
}
/* Write logs pertaining to main() */
do_stuff();
/* ... */
}
|
However, the file log is opened twice simultaneously. The result is implementation-defined and potentially dangerous.
In this compliant solution, a reference to the file pointer is passed as an argument to functions that need to perform operations on that file. This eliminates the need to open the same file multiple times.
void do_stuff(FILE *logfile) {
/* Write logs pertaining to do_stuff() */
/* ... */
}
int main(void) {
FILE *logfile = fopen("log", "a");
if (logfile == NULL) {
/* Handle error */
}
/* Write logs pertaining to main() */
do_stuff(logfile);
/* ... */
}
|
Simultaneously opening a file multiple times can result in abnormal program termination or data integrity violations.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
FIO31-C |
medium |
probable |
high |
P4 |
L3 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
This rule appears in the C++ Secure Coding Standard as FIO31-CPP. Do not simultaneously open the same file multiple times.
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files" \[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 362|http://cwe.mitre.org/data/definitions/362.html], "Race Condition," [CWE ID 675|http://cwe.mitre.org/data/definitions/675.html], and "Duplicate Operations on Resource" |