Simultaneously opening a file multiple times has implementation-defined behavior. On some platforms, this is not allowed. On others, it might result in race conditions.
The following non-compliant code example logs the program's state at runtime.
void do_stuff(void) { FILE *logfile = fopen("log", "a"); /* Check for errors, write logs pertaining to do_stuff(), etc. */ } int main(void) { FILE *logfile = fopen("log", "a"); /* Check for errors, write logs pertaining to main(), etc. */ do_stuff(); /* ... */ } |
However, the file log
is opened twice simultaneously. The result is implementation-defined and potentially dangerous.
In this compliant solution, a reference to the file pointer is passed around so that the file does not have to be opened twice separately.
void do_stuff(FILE **file) { FILE *logfile = *file; /* Check for errors, write logs pertaining to do_stuff, etc. */ } int main(void) { FILE *logfile = fopen("log", "a"); /* Check for errors, write logs pertaining to main, etc. */ do_stuff(&logfile); /* ... */ } |
Simultaneously opening a file multiple times could result in abnormal program termination or a data integrity violation.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
FIO31-C |
2 (medium) |
2 (probable) |
2 (medium) |
P8 |
L2 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files" |
09. Input Output (FIO) FIO32-C. Detect and handle file operation errors