CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc


IO.UAC : Use After Close

Summary

An attempt is made to use a file or socket that has already been closed.

Properties

Class name Use After Close
Japanese class name クローズ後の使用
Classification Security (security)
Mnemonic IO.UAC
Categories
MisraC2025 MisraC2025:22.6 The value of a pointer to a FILE shall not be used after the associated stream has been closed
MisraC2023 MisraC2023:22.6 The value of a pointer to a FILE shall not be used after the associated stream has been closed
Misra2012 Misra2012:22.6 The value of a pointer to a FILE shall not be used after the associated stream has been closed
AUTOSARC++14 AUTOSARC++14:A3-8-1 An object shall not be accessed outside of its lifetime.
MisraC++2023 MisraC++2023:0.3.2 A function call shall not violate the function's preconditions
  MisraC++2023:6.8.1 An object shall not be accessed outside of its lifetime
  MisraC++2023:15.8.1 User-provided copy assignment and move assignment operators shall handle self-assignment
CWE CWE:666 Operation on Resource in Wrong Phase of Lifetime
  CWE:672 Operation on a Resource after Expiration or Release
  CWE:696 Incorrect Behavior Order
  CWE:910 Use of Expired File Descriptor
CERT-C CERT-C:FIO46-C Do not access a closed file
CERT-CPP CERT-CPP:EXP54-CPP Do not access an object outside of its lifetime
  CERT-CPP:OOP54-CPP Gracefully handle self-copy assignment
JSF++ JSF++:81 The assignment operator shall handle self-assignment correctly.
Supported languages Available for C and C++.
Enabling/disabling Checks for this warning class are enabled by default. To disable the check, add the following WARNING_FILTER rule to the project configuration file.
WARNING_FILTER += discard class="Use After Close"

#include <fcntl.h>
#include <unistd.h>
#include <string.h>

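/* Deliberately defective example: fd is used after it has been closed. */
int uac(char *buf){
    int fd;
    ssize_t w;

    /* O_CREAT requires the third (mode) argument */
    fd = open("A.txt", O_CREAT|O_RDWR, 0600);
    if (fd < 0){return -1;}
    close(fd);                       /* fd is no longer valid after this call */
    w = write(fd, buf, strlen(buf)); /* 'Use After Close' warning issued here */
    return (int)w;
}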
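
The following is an added example, not taken from the CodeSonar manual. It shows the corrected ordering for uac() and the two run-time outcomes of the defect on a POSIX system: an EBADF failure, or the stale descriptor number being handed to an unrelated file (CWE:910). The function names and /tmp paths are assumptions made for illustration.

```c
/* Added example: constructed file paths; not CodeSonar or project code. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Corrected uac(): all I/O happens before close(), results are checked,
 * and the descriptor variable is invalidated so a later accidental use
 * cannot reach a descriptor number the process has since reused. */
int write_then_close(const char *path, const char *buf) {
    size_t len = strlen(buf);
    int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t w = write(fd, buf, len);
    int rc = close(fd);
    fd = -1;                         /* stale value can no longer be used */
    return (w == (ssize_t)len && rc == 0) ? 0 : -1;
}

/* Best case of the defect: nothing reused the number, write() fails.
 * Returns the errno value observed (EBADF expected), or -1 on setup error. */
int errno_of_write_after_close(const char *path) {
    int fd = open(path, O_CREAT | O_RDWR, 0600);
    if (fd < 0) return -1;
    close(fd);
    errno = 0;
    return write(fd, "x", 1) == -1 ? errno : 0;
}

/* Worst case: POSIX open() returns the lowest free descriptor number, so
 * the stale value names whatever was opened next. Returns 1 if reused. */
int closed_fd_number_is_reused(const char *path_a, const char *path_b) {
    int a = open(path_a, O_CREAT | O_RDWR, 0600);
    if (a < 0) return -1;
    close(a);
    int b = open(path_b, O_CREAT | O_RDWR, 0600);
    if (b < 0) return -1;
    int reused = (a == b);           /* a write via 'a' would land in path_b */
    close(b);
    return reused;
}

int main(void) {
    printf("fixed write ok: %d\n", write_then_close("/tmp/uac_a.txt", "data\n") == 0);
    printf("EBADF seen: %d\n", errno_of_write_after_close("/tmp/uac_a.txt") == EBADF);
    printf("number reused: %d\n", closed_fd_number_is_reused("/tmp/uac_a.txt", "/tmp/uac_b.txt"));
    return 0;
}
```

The reuse case is why this class is categorized as a security issue: the late write() does not fail, it silently targets a different file or socket.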

Functions That Trigger the Warning

CodeSonar ships with library models for a large number of functions that use a file or socket identified by a file/socket descriptor. If one of these functions is called with a file/socket descriptor argument associated with a file or socket that has already been closed, a warning will be issued.

If you have created a custom library model for some function f() in terms of one of these existing models, calls to f() will also be capable of triggering Use After Close warnings.

Functions that can trigger a warning include...
libc dup(), fdopen(), stat()
Win32 _lseek(), _read(), _write()

Related Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

 
