CertC++-FIO40

Reset strings on fgets() or fgetws() failure

Required inputs: IR

If either of the C Standard fgets() or fgetws() functions fails, the contents of the array being written are indeterminate. (See undefined behavior 170.) It is necessary to reset the string to a known value to avoid errors in subsequent string manipulation functions.

Noncompliant Code Example

In this noncompliant code example, an error flag is set if fgets() fails. However, buf is not reset and has indeterminate contents:

#include <stdio.h>
 
enum { BUFFER_SIZE = 1024 };
void func(FILE *file) {
  char buf[BUFFER_SIZE];

  if (fgets(buf, sizeof(buf), file) == NULL) {
    /* Set error flag and continue */
  }
}

Compliant Solution

In this compliant solution, buf is set to an empty string if fgets() fails. The equivalent solution for fgetws() would set buf to an empty wide string.

#include <stdio.h>
 
enum { BUFFER_SIZE = 1024 };

void func(FILE *file) {
  char buf[BUFFER_SIZE];

  if (fgets(buf, sizeof(buf), file) == NULL) {
    /* Set error flag and continue */
    *buf = '\0';
  }
}

Exceptions

FIO40-C-EX1: If the string goes out of scope immediately following the call to fgets() or fgetws() or is not referenced in the case of a failure, it need not be reset.
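The compliant pattern above, wrapped in helpers for both fgets() and fgetws(), for the case where the buffer is referenced after a failed read (an added example, not part of the CERT excerpt or the tool's own code). The names read_line, read_wline and the two *_len_after_failure functions are hypothetical, and the one-line temporary file is constructed input; the failing read is an end-of-file hit after the buffer has been filled with unterminated data.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

enum { BUFFER_SIZE = 1024 };

/* Hypothetical wrapper: 1 if a line was read, 0 on EOF or error. */
static int read_line(char *buf, int size, FILE *file) {
  if (fgets(buf, size, file) != NULL) return 1;
  *buf = '\0';  /* reset on failure so buf is always a valid string */
  return 0;
}

/* Wide-character equivalent: reset to an empty wide string. */
static int read_wline(wchar_t *buf, int size, FILE *file) {
  if (fgetws(buf, size, file) != NULL) return 1;
  *buf = L'\0';
  return 0;
}

/* Returns the string length seen after the failed read, or -1 on setup error. */
long narrow_len_after_failure(void) {
  char buf[BUFFER_SIZE];
  FILE *file = tmpfile();
  if (file == NULL) return -1;
  fputs("first line\n", file);  /* constructed input: exactly one line */
  rewind(file);
  int first = read_line(buf, (int)sizeof(buf), file);
  memset(buf, 'X', sizeof(buf));  /* simulate stale, unterminated contents */
  int second = read_line(buf, (int)sizeof(buf), file);
  fclose(file);
  return (first == 1 && second == 0) ? (long)strlen(buf) : -1;
}

long wide_len_after_failure(void) {
  wchar_t buf[BUFFER_SIZE];
  FILE *file = tmpfile();
  if (file == NULL) return -1;
  fputws(L"first line\n", file);
  rewind(file);
  int first = read_wline(buf, BUFFER_SIZE, file);
  wmemset(buf, L'X', BUFFER_SIZE);
  int second = read_wline(buf, BUFFER_SIZE, file);
  fclose(file);
  return (first == 1 && second == 0) ? (long)wcslen(buf) : -1;
}

int main(void) {
  return narrow_len_after_failure() != 0 || wide_len_after_failure() != 0;
}
```

Without the reset in the wrappers, the strlen() and wcslen() calls after the failed read would run past the end of the unterminated buffer.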

Risk Assessment

Making invalid assumptions about the contents of an array modified by fgets() or fgetws() can result in undefined behavior and abnormal program termination.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO40-C | Low | Probable | Medium | P4 | L3 |

Excerpt from SEI CERT C++ Coding Standard [https://cmu-sei.github.io/secure-coding-standards/sei-cert-c-coding-standard/rules/input-output-fio/fio40-c], Copyright (C) 1995-2026 Carnegie Mellon University. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

| Key | Text | Severity | Disabled |
|---|---|---|---|
| reset_string_fgets_failure | Reset strings on fgets() or fgetws() failure. | None | False |

Options