[metadata]
id = "FIO40-C"
type = "recommendation"
category = "FIO"
number = 40
title = "Reset strings on fgets() or fgetws() failure"
description = """
If either of the C Standard fgets() or fgetws() functions fails, the contents of
the array being written are indeterminate (see undefined behavior 175). In
particular, the buffer is not guaranteed to contain a terminating null
character, so string functions that scan for one may read past the end of the
array. It is therefore necessary to reset the string to a known value to avoid
errors in subsequent string manipulation functions.

In this noncompliant code example, an error flag is set if fgets() fails.
However, buf is not reset and still has indeterminate contents:

#include <stdio.h>

enum { BUFFER_SIZE = 1024 };

void func(FILE *file) {
  char buf[BUFFER_SIZE];
  if (fgets(buf, sizeof(buf), file) == NULL) {
    /* Set error flag and continue */
  }
}

A compliant version resets the buffer in the failure branch (for example,
*buf = '\\0'; before continuing) so that later string operations see a
well-defined, empty string.
"""
# CERT risk assessment for this entry. severity and likelihood are the inputs
# CERT combines (with remediation cost) into the priority/level ranking; the
# values here are copied from the CERT wiki page referenced below.
severity = "Low"
likelihood = "Probable"
priority = "P6"
level = "L2"
cert_version = "2016 Edition (Wiki)"
# Free-form date as shown on the wiki page (not a TOML date value).
last_modified = "May 06, 2025"

# Per-check switch: set enabled = false to suppress FIO40-C findings.
[rules.cert_c.FIO40-C]
enabled = true

# Upstream source for the description and risk assessment above.
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/FIO40-C.+Reset+strings+on+fgets%28%29++or+fgetws%28%29+failure"