Main Content

MISRA C++:2008 Rule 27-0-1

The stream input/output library <cstdio> shall not be used

expand all in page

Description

Rule Definition

The stream input/output library <cstdio> shall not be used.

Rationale

Functions in cstdio such as gets(), fgetpos(), fopen(), ftell(), etc. have unspecified, undefined and implementation-defined behavior.

For instance:

  • The gets() function:

    char * gets ( char * buf );
    does not check if the number of characters provided at the standard input exceeds the buffer buf. The function can have unexpected behavior when the input exceeds the buffer.

  • The fopen function has implementation-specific behavior related to whether it sets errno on errors or whether it accepts additional characters following the standard mode specifiers.

Polyspace Implementation

Polyspace® reports a violation of this rule if you use the functions declared in <cstdio>. Polyspace detects the use of these cstdio functions:

  • File operation functions such as remove() and rename().

  • File access functions such as fclose(),fflush(), and fopen().

  • Formatted input/output functions such as fprintf(), fscanf(), printf(), and scanf().

  • Character input output functions such as fgetc(), fgets(), fputc(), and getc().

  • Direct input/output functions such as fread() and fwrite().

  • File positioning functions such as fgetpos() and fsetpos().

  • Error handling functions such as clearerr(), ferror(), and perror().

Troubleshooting

If you expect a rule violation but Polyspace does not report it, see Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

expand all

#include <cstdio>

void func()
{
    char array[10];
    fgets(array, sizeof array, stdin); //Noncompliant
}

The use of fgets() violates this rule.

Check Information

Group: Input/output Library
Category: Required

Version History

Introduced in R2013b

See Also

Topics