Bad file access mode or status

Access mode argument of function in fopen or open group is invalid

expand all in page

Description

This defect occurs when you use functions in the fopen or open group with invalid or incompatible file access modes, file creation flags, or file status flags as arguments. For instance, for the open function, examples of valid:

  • Access modes include O_RDONLY, O_WRONLY, and O_RDWR

  • File creation flags include O_CREAT, O_EXCL, O_NOCTTY, and O_TRUNC.

  • File status flags include O_APPEND, O_ASYNC, O_CLOEXEC, O_DIRECT, O_DIRECTORY, O_LARGEFILE, O_NOATIME, O_NOFOLLOW, O_NONBLOCK, O_NDELAY, O_SHLOCK, O_EXLOCK, O_FSYNC, O_SYNC and so on.

The defect can occur in the following situations.

SituationRiskFix

You pass an empty or invalid access mode to the fopen function.

According to the ANSI® C standard, the valid access modes for fopen are:

  • r,r+

  • w,w+

  • a,a+

  • rb, wb, ab

  • r+b, w+b, a+b

  • rb+, wb+, ab+

fopen has undefined behavior for invalid access modes.

Some implementations allow extension of the access mode such as:

  • GNU®: rb+cmxe,ccs=utf

  • Visual C++®: a+t, where t specifies a text mode.

However, your access mode string must begin with one of the valid sequences.

Pass a valid access mode to fopen.
You pass the status flag O_APPEND to the open function without combining it with either O_WRONLY or O_RDWR.

O_APPEND indicates that you intend to add new content at the end of a file. However, without O_WRONLY or O_RDWR, you cannot write to the file.

The open function does not return -1 for this logical error.

Pass either O_APPEND|O_WRONLY or O_APPEND|O_RDWR as access mode.
You pass the status flags O_APPEND and O_TRUNC together to the open function.

O_APPEND indicates that you intend to add new content at the end of a file. However, O_TRUNC indicates that you intend to truncate the file to zero. Therefore, the two modes cannot operate together.

The open function does not return -1 for this logical error.

Depending on what you intend to do, pass one of the two modes.
You pass the status flag O_ASYNC to the open function. On certain implementations, the mode O_ASYNC does not enable signal-driven I/O operations.Use the fcntl(pathname, F_SETFL, O_ASYNC); instead.

Fix

The fix depends on the root cause of the defect. Often the result details show a sequence of events that led to the defect. You can implement the fix on any event in the sequence. If the result details do not show the event history, you can trace back using right-click options in the source code and see previous related events. See also Interpret Bug Finder Results in Polyspace Desktop User Interface.

See examples of fixes below.

If you do not want to fix the issue, add comments to your result or code to avoid another review. See Address Polyspace Results Through Bug Fixes or Justifications.

Examples

expand all

#include <stdio.h>

void func(void) {
    FILE *file = fopen("data.txt", "rw");
    if(file!=NULL) {
        fputs("new data",file);
        fclose(file);
    }
}

In this example, the access mode rw is invalid. Because r indicates that you open the file for reading and w indicates that you create a new file for writing, the two access modes are incompatible.

Correction — Use Either r or w as Access Mode

One possible correction is to use the access mode corresponding to what you intend to do.

#include <stdio.h>

void func(void) {
    FILE *file = fopen("data.txt", "w");
    if(file!=NULL) {
        fputs("new data",file);
        fclose(file);
    }
}

Result Information

Group: Programming
Language: C | C++
Default: Off
Command-Line Syntax: BAD_FILE_ACCESS_MODE_STATUS
Impact: Medium
CWE ID: 628, 686

See Also

Topics

Introduced in R2015b

Polyspace Bug Finder Documentation

Support