CERT.FILE_PTR.DEREF

A pointer to a FILE object shall not be dereferenced.

Vulnerability and risk

Dereferencing a pointer to a FILE object may result in unexpected behavior.

Mitigation and prevention

Do not dereference a pointer to a FILE object.

Vulnerable code example

   #include <cstdio>
  
   int main()
   {
  
       FILE *pf1 = stdout;
       FILE *pf2 = stdout;
       FILE f4 = *pf2;      // dereferences pf2 and makes a value copy of the FILE object
       pf2 = pf1;
   
       if (fputs("Hello, World!\n", &f4) == EOF) {
           /* Handle error */
       }
       return 0;
   }

In this noncompliant example, Klocwork reports a CERT.FILE_PTR.DEREF defect on Line 8, because dereferencing a pointer to a FILE object may result in unexpected behavior.

Fixed code example

   #include <cstdio>
  
   int main()
   {
  
       FILE *pf1 = stdout;
       FILE *pf2 = stdout;
       FILE *f4 = pf2;      // copies the pointer only; the FILE object is not dereferenced
       pf2 = pf1;
   
       if (fputs("Hello, World!\n", f4) == EOF) {
           /* Handle error */
       }
       return 0;
   }

The above example is compliant because it uses the address of a FILE object (a copy of the pointer) and does not make a value copy of the FILE object.
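A value copy of a FILE object often comes from trying to save a stream and restore it later. The following added example (not Klocwork's own code) does that by saving and swapping FILE pointers only; `struct logger`, `logger_redirect`, `logger_write` and `capture_demo` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical logger: the sink is held as a FILE pointer, never a FILE. */
struct logger { FILE *sink; };

/* Switch sinks by pointer assignment; return the previous handle. */
static FILE *logger_redirect(struct logger *lg, FILE *new_sink)
{
    FILE *prev = lg->sink;      /* copies the address, not the object */
    lg->sink = new_sink;
    return prev;
}

static int logger_write(struct logger *lg, const char *msg)
{
    return fputs(msg, lg->sink) == EOF ? -1 : 0;
}

/* Redirect to a temporary file, write, restore the saved handle, and read
   back what was captured. Returns the byte count, or -1 on error. */
long capture_demo(char *buf, size_t buflen)
{
    struct logger lg = { stdout };
    if (buflen == 0)
        return -1;
    FILE *tmp = tmpfile();
    if (tmp == NULL)
        return -1;
    FILE *saved = logger_redirect(&lg, tmp);
    int rc = logger_write(&lg, "Hello, World!\n");
    logger_redirect(&lg, saved);    /* restore: pointer swap only */
    if (rc != 0 || fflush(tmp) == EOF || lg.sink != stdout) {
        fclose(tmp);
        return -1;
    }
    rewind(tmp);
    size_t n = fread(buf, 1, buflen - 1, tmp);
    buf[n] = '\0';
    fclose(tmp);
    return (long)n;
}

int main(void)
{
    char buf[64];
    long n = capture_demo(buf, sizeof buf);
    return (n == 14 && strcmp(buf, "Hello, World!\n") == 0) ? 0 : 1;
}
```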

Related checkers

  • MISRA.FILE_PTR.DEREF.2012

External guidance