CERT C: Rec. FIO10-C

Take care when using the rename() function

Since R2024b

expand all in page

Description

Rule Definition

Take care when using the rename() function.¹

Polyspace Implementation

This checker checks for File renamed without checking existence of destination file.

Examples

expand all

File renamed without checking existence of destination file

Issue

File renamed without checking existence of destination file occurs when you use the rename() function to rename a file without checking if a file with the new name already exists.

Risk

The rename() function has implementation-defined behavior if a file with the new name already exists. Unless you explicitly handle this situation, your code is not portable across implementations.

Fix

Before renaming a file using the rename() function, check for the existence of a file with the new name. If the file already exists, you can write specific code to either remove the file explicitly or preserve the file.

You can use implementation-specific functions to check for the existence of a file or remove an existing file. Since the functions are implementation-specific, there is less risk of silent errors when you port your code across implementations.

Type of Function Implementation Examples

Type of Function	Implementation	Examples
Checks for file existence	POSIX^®	`access()` `stat()` `lstat()`
Checks for file existence	Windows^®	Functions from one of these family of functions: `_access`, `_access_s`, etc. `GetFileAttributes`, `GetFileAttributesA`, etc. `PathFileExists`, `PathFileExistsA`, etc.
Removes existing file	POSIX	`remove()` `unlink()`

Checks for file existence

POSIX^®

access()
stat()
lstat()

Checks for file existence

Windows^®

Functions from one of these family of functions:

_access, _access_s, etc.
GetFileAttributes, GetFileAttributesA, etc.
PathFileExists, PathFileExistsA, etc.

Removes existing file

POSIX

remove()
unlink()

Example – File Renamed Without Checks

#include <stdio.h>

void renameFile(const char * srcFile, const char *destFile) {
    int res = rename(srcFile, destFile); // Noncompliant
    if (res != 0) {
        // Handle error
    }
}

In this example, the function renameFile() renames a file to the name destFile without checking if a file with that name already exists. This file renaming has implementation-defined behavior and can cause silent failures, thus violating the rule.

Correction – Check for File Existence Before Renaming

In POSIX, you can use the function access() to check for the existence of a file with the name destFile. You can rename to destFile only if a file with this name does not already exist.

#include <stdio.h>
#include <unistd.h>

void renameFile(const char * srcFile, const char *destFile) {
    int fileExists = access(destFile, F_OK);
    if (!fileExists) {
        int res = rename(srcFile, destFile); // Compliant
        if (res != 0) {
            // Handle error
        }
    }
}

This solution has the possibility of a race condition between the call to the acces() function and the rename() function. To avoid the race condition, you have to perform additional steps. For instance, you can use critical sections to ensure that the section of code in the renameFile() function is executed in an atomic manner.

Check Information

Group: Rec. 09. Input Output (FIO)

Version History

Introduced in R2024b

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.