CERT.FILE_PTR.DEREF
A pointer to a FILE object shall not be dereferenced.
Vulnerability and risk
Dereferencing a pointer to a FILE object may result in unexpected behavior.
Mitigation and prevention
Do not dereference a pointer to a FILE object.
Vulnerable code example
#include <cstdio>

int main()
{
    FILE *pf1 = stdout;
    FILE *pf2 = stdout;

    FILE f4=*pf2;   /* noncompliant: value copy of the FILE object */
    pf2 = pf1;

    if (fputs("Hello, World!\n", &f4) == EOF) {
        /* Handle error */
    }
    return 0;
}
In this noncompliant example, Klocwork reports a CERT.FILE_PTR.DEREF defect on Line 8, because dereferencing a pointer to a FILE object may result in unexpected behavior.
Fixed code example
#include <cstdio>

int main()
{
    FILE *pf1 = stdout;
    FILE *pf2 = stdout;

    FILE *f4=pf2;   /* compliant: copies the pointer, not the FILE object */
    pf2 = pf1;

    if (fputs("Hello, World!\n", f4) == EOF) {
        /* Handle error */
    }
    return 0;
}
The above example is compliant because it copies the address of the FILE object into another pointer and does not make a value copy of the FILE object.
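The following is an added example, not part of the Klocwork documentation. It shows why copying the pointer is sufficient: both aliases refer to the one FILE object the library owns, so they share its buffer and file position. The names write_record and alias_roundtrip are hypothetical.

```cpp
#include <cstdio>
#include <cstring>

// Hypothetical helper: writes one record through whichever FILE* alias the caller holds.
static bool write_record(FILE *stream, const char *text)
{
    return std::fputs(text, stream) != EOF;
}

// Writes through two pointer aliases of one stream, then reads the stream
// back into out. Returns the number of bytes read, or -1 on failure.
// Both aliases point at the same library-owned FILE object, so they share
// its buffer and file position and the records land in call order.
long alias_roundtrip(char *out, std::size_t out_size)
{
    FILE *primary = std::tmpfile();      // the library allocates the FILE object
    if (primary == nullptr || out_size == 0) {
        if (primary) std::fclose(primary);
        return -1;
    }
    FILE *alias = primary;               // compliant: copy the pointer only

    bool ok = write_record(primary, "first\n")
           && write_record(alias, "second\n")
           && write_record(primary, "third\n");

    long n = -1;
    if (ok && std::fflush(alias) == 0 && std::fseek(primary, 0L, SEEK_SET) == 0) {
        std::size_t got = std::fread(out, 1, out_size - 1, alias);
        if (!std::ferror(alias)) {
            out[got] = '\0';
            n = static_cast<long>(got);
        }
    }
    std::fclose(primary);                // close once; alias must not be used afterwards
    return n;
}

int main()
{
    char buf[64];
    if (alias_roundtrip(buf, sizeof buf) < 0) {
        std::perror("alias_roundtrip");
        return 1;
    }
    std::fputs(buf, stdout);
    return std::strcmp(buf, "first\nsecond\nthird\n") == 0 ? 0 : 1;
}
```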
Related checkers
- MISRA.FILE_PTR.DEREF.2012