The current C Standard does not allow for implicit typing of variables and functions. The C90 Standard did allow such implicit typing. Consequently, there exists some existing legacy code that uses implicit typing. Some C compilers still support legacy code by allowing implicit typing, but it should not be used for new code. Because implicit declarations lead to less stringent type checking, they can introduce unexpected and erroneous behavior or even security vulnerabilities.
...
```c
extern foo;
```
Some C implementations do not issue a diagnostic for the violation of this constraint. These noncompliant C translators continue to treat such declarations as implying the type int.
...
```c
extern int identifier();
```
This declaration implies that the function may take any number and type of arguments and returns a single int.
...
This compliant solution declares malloc() by including the appropriate header file:
```c
#include <stdlib.h>

int main(void) {
  for (size_t i = 0; i < 100; ++i) {
    /* malloc() is prototyped by <stdlib.h>, so it returns void *, which
       converts to char * without being squeezed through an implicit int. */
    char *ptr = (char *)malloc(0x10000000);
    if (ptr == NULL) {
      return 1;  /* allocation failure is handled, never dereferenced */
    }
    *ptr = 'a';
  }
  return 0;
}
```
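The following is an added example, not code from the CERT page, showing why seeing malloc()'s prototype matters. `survives_implicit_int_return()` is a hypothetical model of what an implicit `int malloc()` declaration does to a returned address on a platform with 64-bit pointers and 32-bit int (the addresses are constructed integers, nothing is dereferenced), and `allocations_completed()` is the compliant pattern with the header included and the NULL result checked before the memory is written.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model (added example): with an implicit `int malloc()`
   declaration, the returned pointer value passes through int before the
   caller converts it back to a pointer. The address is a constructed
   integer, not a real pointer, so nothing is dereferenced. Converting an
   out-of-range value to int is implementation-defined; GCC and Clang
   reduce it modulo 2^32, so high address bits are lost. */
bool survives_implicit_int_return(uintptr_t addr) {
  int as_int = (int)addr;              /* the implicit int return value */
  uintptr_t back = (uintptr_t)as_int;  /* caller's int -> pointer conversion */
  return back == addr;
}

/* Compliant pattern: malloc() is used through its prototype in <stdlib.h>,
   and the NULL result is checked before the memory is touched. Returns how
   many of the requested allocations completed. */
size_t allocations_completed(size_t count, size_t bytes) {
  size_t done = 0;
  for (size_t i = 0; i < count; ++i) {
    char *ptr = (char *)malloc(bytes);
    if (ptr == NULL) {
      break;                           /* out of memory: stop, don't write */
    }
    *ptr = 'a';
    free(ptr);
    ++done;
  }
  return done;
}

int main(void) {
  /* Constructed sample addresses: two below 2^31, two at or above it. */
  const uintptr_t samples[] = {0x10u, 0x7FFFFFF0u,
                               (uintptr_t)0x80000000ULL,
                               (uintptr_t)0x100000010ULL};
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
    printf("0x%llx survives implicit int return: %s\n",
           (unsigned long long)samples[i],
           survives_implicit_int_return(samples[i]) ? "yes" : "no");
  }
  printf("completed %zu of 4 allocations\n", allocations_completed(4, 64));
  return 0;
}
```

On an LP64 system the first two samples survive and the last two do not, which is exactly the case the compliant solution's loop of large allocations is designed to reach: once the heap returns addresses above 4 GiB, an implicitly declared malloc() hands back a truncated pointer. With the prototype in scope, the value is preserved and only the NULL check remains to be written.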
...
Occurrences of an omitted type specifier in existing code are rare, and the consequences are generally minor, perhaps resulting in abnormal program termination.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL31-C | Low | Unlikely | Low | P3 | L3 |
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...