SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 80

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 81

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

If a file with the same name as a standard header is placed in the search path for included source files, the behavior is undefined.

The following table from the C Standard, section 7.1.2 [ISO/IEC 9899:2011], lists these standard headers:

<assert.h><float.h><math.h><stdatomic.h><stdlib.h><time.h>
<complex.h><inttypes.h><setjmp.h><stdbool.h><stdnoreturn.h><uchar.h>
<ctype.h><iso646.h><signal.h><stddef.h><string.h><wchar.h>
<errno.h><limits.h><stdalign.h><stdint.h><tgmath.h><wctype.h>
<fenv.h><locale.h><stdarg.h><stdio.h><threads.h> 

Do not reuse standard header file names, system-specific header file names, or other header file names.

Noncompliant Code Example

In this noncompliant code example, the programmer chooses to use a local version of the standard library but does not make the change clear:

Code Block
bgColor#FFcccc
langc
#include "stdio.h"  /* confusing, distinct from <stdio.h> */

/* ... */

Compliant Solution

The solution addresses the problem by giving the local library a unique name (per PRE08-C. Guarantee that header file names are unique), which makes it apparent that the library used is not the original:

Code Block
bgColor#ccccFF
langc
/* Using a local version of stdio.h */ 
#include "mystdio.h"

/* ... */

Risk Assessment

Using header file names that conflict with other header file names can result in an incorrect file being included.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

PRE04-C

low

unlikely

medium

P2

L3

Automated Detection

ToolVersionCheckerDescription

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

hedrname

Fully implemented

LDRA tool suite

Include Page
LDRA_V
LDRA_V

218 S
568 S

Fully implemented

PRQA QA-C
Include Page
PRQA_V
PRQA_V
Secondary analysisFully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding StandardPRE04-CPP. Do not reuse a standard header file name
CERT Oracle Secure Coding Standard for JavaDCL01-J. Do not reuse public identifiers from the Java Standard Library

Bibliography

[ISO/IEC 9899:2011]Section 7.1.2, "Standard Headers"