File access between time of check and use (TOCTOU)
File or folder might change state due to access race
Description
This defect occurs when a race condition happens between checking the existence of a file or folder, and using the file or folder.
Risk
An attacker can access and manipulate your file between your check for the file and your use of the file. Symbolic links are particularly risky because an attacker can change where your symbolic link points.
Fix
Before using a file, do not check its status. Instead, use the file and check the results afterward.
Examples
Result Information
Group: Security
Language: C | C++
Default: Off
Command-Line Syntax: TOCTOU
Impact: Medium
Version History
Introduced in R2015b
See Also
Data race | Bad file access mode or status | Find defects (-checkers)
Topics
- Interpret Bug Finder Results in Polyspace Desktop User Interface
- Interpret Bug Finder Results in Polyspace Access Web Interface (Polyspace Access)
- Address Results in Polyspace User Interface Through Bug Fixes or Justifications
- Address Results in Polyspace Access Through Bug Fixes or Justifications (Polyspace Access)