SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 89

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 90

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Restriction of the significance of an external name to fewer than 255 characters in the standard (considering each universal character name or extended source character as a single character) is an obsolescent feature that is a concession to existing implementations. As a result, it is not necessary to comply with this restriction as long as the identifiers are unique and the assumptions concerning the number of significant characters are documented.

Noncompliant Code Example (Source Character Set)

On implementations that support only the minimum requirements for significant characters required by the standard, this code example is noncompliant because the first 31 characters of the external identifiers are identical:

Code Block
bgColor#FFcccc
langc
extern int *global_symbol_definition_lookup_table_a;
extern int *global_symbol_definition_lookup_table_b;

Compliant Solution (Source Character Set)

In a compliant solution, the significant characters in each identifier must differ:

Code Block
bgColor#ccccff
langc
extern int *a_global_symbol_definition_lookup_table;
extern int *b_global_symbol_definition_lookup_table;

Noncompliant Code Example (Universal Character Names)

In this noncompliant code example, both external identifiers consist of four universal character names. Because the first three universal character names of each identifier are identical, both identify the same integer array on implementations that support only the minimum requirements for significant characters required by the standard:

Code Block
bgColor#FFcccc
langc
extern int *\U00010401\U00010401\U00010401\U00010401;
extern int *\U00010401\U00010401\U00010401\U00010402;

Compliant Solution (Universal Character Names)

For portability, the first three universal character name combinations used in an identifier must be unique:

Code Block
bgColor#ccccff
langc
extern int *\U00010401\U00010401\U00010401\U00010401;
extern int *\U00010402\U00010401\U00010401\U00010401;

Risk Assessment

Nonunique identifiers can lead to abnormal program termination, denial-of-service attacks, or unintended information disclosure.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL32DCL23-C

Medium

Unlikely

Low

P6

L2

Automated Detection

Tool

Version

Checker

Description

Compass/ROSE

 

 

Can detect some violations of this rule. However, it cannot flag violations involving universal names

LDRA tool suite

Include Page
LDRA_V
LDRA_V

17 D
355 S
61 X

Fully implemented

PRQA QA-C
Include Page
PRQA_V
PRQA_V

0777 (U)
0779 (U)

Partially implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ISO/IEC TR 24772:2013Choice of Clear Names [NAI]
Identifier Name Reuse [YOW]
MISRA C:2012Rule 5.1 through Rule 5.5 (required)
Rule 8.6 (required)

Bibliography

[ISO/IEC 9899:2011]

Subclause 6.2.7, "Compatible Type and Composite Type"
Subclause 6.4.1, "Keywords"

...