CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc


IO.UAC : Use After Close

Summary

An attempt to use a file or socket that has already been closed.

Properties

Class Name: Use After Close
Significance: security
Mnemonic: IO.UAC
Categories:
  MisraC2025:
    MisraC2025:22.6 The value of a pointer to a FILE shall not be used after the associated stream has been closed
  MisraC2023:
    MisraC2023:22.6 The value of a pointer to a FILE shall not be used after the associated stream has been closed
  Misra2012:
    Misra2012:22.6 The value of a pointer to a FILE shall not be used after the associated stream has been closed
  AUTOSARC++14:
    AUTOSARC++14:A3-8-1 An object shall not be accessed outside of its lifetime.
  MisraC++2023:
    MisraC++2023:0.3.2 A function call shall not violate the function's preconditions
    MisraC++2023:6.8.1 An object shall not be accessed outside of its lifetime
    MisraC++2023:15.8.1 User-provided copy assignment and move assignment operators shall handle self-assignment
  CWE:
    CWE:666 Operation on Resource in Wrong Phase of Lifetime
    CWE:672 Operation on a Resource after Expiration or Release
    CWE:696 Incorrect Behavior Order
    CWE:910 Use of Expired File Descriptor
  CERT-C:
    CERT-C:FIO46-C Do not access a closed file
  CERT-CPP:
    CERT-CPP:EXP54-CPP Do not access an object outside of its lifetime
    CERT-CPP:OOP54-CPP Gracefully handle self-copy assignment
  JSF++:
    JSF++:81 The assignment operator shall handle self-assignment correctly.
Availability: Available for C and C++.
Enabling: Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file.
  WARNING_FILTER += discard class="Use After Close"

Example

#include <fcntl.h>
#include <unistd.h>
#include <string.h>

int uac(char *buf){
    int fd;
    ssize_t w;

    /* O_CREAT requires a mode argument */
    fd = open("A.txt", O_CREAT|O_RDWR, 0600);
    if (fd < 0){return -1;}
    close(fd);   /* fd is no longer valid after this call */
    w = write(fd, buf, strlen(buf)); /* 'Use After Close' warning issued here */
    return (int)w;
}
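
Why a stale descriptor is a security issue (CWE:910) and how to neutralize it, as an added example that is not part of the CodeSonar documentation: POSIX reassigns the lowest free descriptor number, so a write through a closed descriptor can land in an unrelated resource. The function names are hypothetical and the example uses in-process pipes as constructed stand-ins for real files or sockets.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Hardened pattern: close once, then overwrite the variable with -1 so
 * any later use fails with EBADF instead of reaching another resource. */
int close_and_invalidate(int *fd) {
    int rc = (*fd >= 0) ? close(*fd) : 0;
    *fd = -1;
    return rc;
}

/* Returns 1 if a write through a stale descriptor landed in an unrelated
 * pipe, 0 if it did not, -1 on setup failure. */
int stale_write_hits_other_resource(void) {
    int intended[2], other[2], hit = 0;
    char got[4];
    if (pipe(intended) < 0) return -1;
    if (pipe(other) < 0) { close(intended[0]); close(intended[1]); return -1; }

    int fd = dup(intended[1]);   /* descriptor the code means to write to */
    close(fd);                   /* closed, but the number is still in 'fd' */
    int reused = dup(other[1]);  /* lowest free number: the one just closed */

    /* Use after close: same integer, different open file description. */
    if (reused == fd && write(fd, "data", 4) == 4 &&
        read(other[0], got, 4) == 4 && memcmp(got, "data", 4) == 0)
        hit = 1;

    close(reused);
    close(intended[0]); close(intended[1]);
    close(other[0]); close(other[1]);
    return hit;
}

/* Returns the errno of a write attempted after close_and_invalidate(). */
int errno_after_invalidate(void) {
    int p[2];
    if (pipe(p) < 0) return -1;
    int fd = p[1];
    close_and_invalidate(&fd);
    errno = 0;
    int e = (write(fd, "data", 4) < 0) ? errno : 0;  /* fd is -1 here */
    close(p[0]);
    return e;
}
```

Invalidating the variable turns a silent misdirected write into a detectable EBADF failure; it does not replace fixing the control flow that reaches the use.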

Triggering Functions

CodeSonar ships with library models that allow it to recognize a large number of functions that use a file or socket identified by file/socket descriptor. Some examples are shown in the table below. If one of these functions is called with a file/socket descriptor argument associated with a file or socket that has already been closed, a warning will be issued.

If you have created a custom library model for some function f() in terms of one of these existing models, calls to f() will also be capable of triggering Use After Close warnings.

Functions that can trigger a warning include...
  libc: dup(), fdopen(), stat()
  Win32: _lseek(), _read(), _write()

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

 
