Simultaneously opening a file multiple times has implementation-defined behavior. On some platforms, this is not allowed. On others, it might result in race conditions.

Non-Compliant Coding Example

The following non-compliant code example logs the program's state at runtime.

void do_stuff(void) {
   FILE *logfile = fopen("log", "a");

   /* Check for errors, write logs pertaining to 
    * do_stuff(), etc. */
}

int main(void) {
   /* Check for errors, write logs pertaining to
    * main(), etc. */
   FILE *logfile = fopen("log", "a");    

   do_stuff();
   /* ... */
}

However, the file log is opened twice simultaneously. The result is implementation-defined and potentially dangerous.

Compliant Solution

In this compliant solution, a reference to the file pointer is passed as an argument to functions that need to perform operations on that file. This eliminates the need to open the same file multiple times.

void do_stuff(FILE *logfile) {
  /* Check for errors, write logs pertaining to 
   * do_stuff, etc. */
}

int main(void) {
  FILE *logfile = fopen("log", "a");

  /* Check for errors, write logs pertaining to 
   * main, etc. */

  do_stuff(logfile);

  /* ... */
}

Risk Assessment

Simultaneously opening a file multiple times could result in abnormal program termination or a data integrity violation.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO31-C

medium

probable

medium

P8

L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.19.3, "Files"


      09. Input Output (FIO)