Main Content

CERT C: Rec. FIO08-C

Take care when calling remove() on an open file

Since R2024b

expand all in page

Description

Rule Definition

Take care when calling remove() on an open file.1

Polyspace Implementation

This checker checks for Function remove() called on open file.

Examples

expand all

Issue

Function remove() called on open file occurs when you call the remove() or _wremove() function on a file that was previously opened using a function such as fopen() or _wfopen(), and not yet closed.

The checker for this issue considers these functions as file-opening functions:

  • fopen(), freopen() or _wfopen() – These functions take the file name as the first argument

  • fopen_s() or _wfopen_s() – These functions take the file name as the second argument.

Risk

The result of invoking remove() on an open file is implementation defined. On some implementations, calling remove() does not remove an open file since the associated stream is still open.

Fix

Avoid calling the remove() function on an open file.

If you need to remove an open file, try to use functions that provide more definite guarantees on removing the file. You can use implementation-specific functions such as the POSIX® function unlink().

Example – Use of remove() on Open File
#include <stdio.h>

void fileOperations(void)
{
    FILE *file;
    const char* fileName = "C:\temp\tmp_data.txt";
    /* Initialize file_name */
    file = fopen (fileName, "w+");

    if (file == NULL) {
        /* Handle error condition */
    }

    /* ... */
    if (remove (fileName) != 0) {   //Noncompliant
        /* Handle error condition */
    }

    fclose (file);

}

In this example, the remove() function is called on a file that was previously opened using fopen(), and not yet closed.

Correction – Use Alternate Function With More Explicitly Guaranteed Behavior

Instead of remove(), you can use a function such as the POSIX function unlink() that removes a link to a file but does not delete the file if there are other links to the file or if a process has the file open.

#include <stdio.h>
#include <unistd.h>

void fileOperations(void)
{
    FILE *file;
    const char* fileName = "C:\temp\tmp_data.txt";
    /* Initialize file_name */
    file = fopen (fileName, "w+");

    if (file == NULL) {
        /* Handle error condition */
    }

    /* ... */
    if (unlink (fileName) != 0) {   // Compliant
        /* Handle error condition */
    }

    fclose (file);

}

Check Information

Group: Rec. 09. Input Output (FIO)

Version History

Introduced in R2024b

See Also

Topics

External Websites

1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.