Simultaneously opening a file multiple times has implementation-defined behavior. On some platforms, this is not allowed. On others, it might result in race conditions.
The following non-compliant code example logs the program's state at runtime.
void do_stuff(void) {
FILE *logfile = fopen("log", "a");
/* Check for errors, write logs pertaining to do_stuff(), etc. */
}
int main(void)
{
FILE *logfile = fopen("log", "a"); /* Check for errors, write logs pertaining to main(), etc. */
do_stuff();
/* ... */
}
|
However, the file log is opened twice simultaneously. The result is implementation-defined and potentially dangerous.
In this compliant solution, a reference to the file pointer is passed around so that the file does not have to be opened twice separately.
void do_stuff(FILE **file) {
FILE *logfile = *file;
/* Check for errors, write logs pertaining to do_stuff, etc. */
}
int main(void) {
FILE *logfile = fopen("log", "a");
/* Check for errors, write logs pertaining to main, etc. */
do_stuff(&logfile);
/* ... */
}
|
Simultaneously opening a file multiple times could result in abnormal program termination or a data integrity violation.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
FIO31-C |
2 (medium) |
2 (probable) |
2 (medium) |
P8 |
L2 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files" |
09. Input Output (FIO) FIO32-C. Reserved