[metadata]
id = "FIO17-C"
type = "recommendation"
category = "FIO"
number = 17
title = "Do not rely on an ending null character when using fread()"
description = """
Thefread()function, as defined in the C Standard, subclause 7.21.8.1 [ISO/IEC
9899:2011], does not explicitly null-terminate the read character sequence.
Although the content of a file has a properly null-terminated character
sequence, ifnmembis less than the total length of the characters,
thefread()function will not read afternmembcharacters.fread()will not append a
null character to the end of the string being read to. Suppose we have a null-
terminated character sequence in a file, and we need to extract a null-
terminated byte string:
"""
severity = "Low"
likelihood = "Likely"
priority = "P6"
level = "L2"
cert_version = "2016 Edition (Wiki)"
last_modified = "May 20, 2025"
[rules.cert_c.FIO17-C]
enabled = true
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152233"