...
Use of an identifier (within one translation unit) classified as both internally and externally linked causes undefined behavior. A translation unit includes the source file together with its headers, and all source files included via the preprocessing directive `#include`.
Non-Compliant Code Example
The first declaration of the identifier `x` is externally linked, while the second declaration is internally linked. Future use of this identifier results in undefined behavior.
```c
int x; /* externally linked */

int main(void) {
  static int x; /* internally linked */
  /* use of identifier x results in undefined behavior */
}
```
Compliant Solution
More descriptive identifier names are used, avoiding any conflicts.
```c
int external_x; /* externally linked */

int main(void) {
  static int internal_x; /* internally linked */
  /* we're good to go */
}
```
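As an added illustration (not part of the original rule text), the following Python sketch flags the pattern shown in the non-compliant example: a name declared at file scope without `static` and also declared with `static` in the same file. The names `find_conflicts` and `SAMPLE` are hypothetical, the sample input is constructed from the two examples above, and the matching is a regex heuristic limited to object declarations of basic types, not a C parser.

```python
import re

# Constructed input: the page's two examples merged into one file.
SAMPLE = """\
int x;            /* externally linked */
int external_x;   /* externally linked */
int main(void) {
    static int x;           /* internally linked */
    static int internal_x;  /* internally linked */
    return 0;
}
"""

COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
# Heuristic: object declarations of basic types only (no functions, typedefs, structs).
DECL = re.compile(
    r"^(?P<static>static\s+)?(?:extern\s+)?"
    r"(?:(?:const|volatile|unsigned|signed|long|short)\s+)*"
    r"(?:int|char|float|double|long|short)\b\s*\**\s*"
    r"(?P<name>[A-Za-z_]\w*)\s*(?:\[[^\]]*\]\s*)?(?:=.*)?$",
    re.S,
)

def find_conflicts(source):
    """Names declared at file scope without `static` and also declared `static`."""
    file_scope, static_names = set(), set()
    depth = 0  # brace nesting; 0 means file scope
    # Split into statements while keeping the delimiters to track nesting.
    for piece in re.split(r"([;{}])", COMMENT.sub(" ", source)):
        if piece == "{":
            depth += 1
        elif piece == "}":
            depth -= 1
        else:
            m = DECL.match(piece.strip())
            if not m:
                continue
            if m.group("static"):
                static_names.add(m.group("name"))
            elif depth == 0:
                file_scope.add(m.group("name"))
    return sorted(file_scope & static_names)

if __name__ == "__main__":
    for name in find_conflicts(SAMPLE):
        print(f"identifier '{name}' is declared both with and without static")
```

Run against a file that uses distinct names, as in the compliant solution, the function returns an empty list.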
Risk Assessment
Use of an identifier classified as both internally and externally linked causes undefined behavior. However, it would be highly unlikely that an attacker could exploit this behavior to run arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL05 DCL07-A | 1 (low) | 2 (probable) | 3 (low) | P6 | L2 |
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.
References
[ISO/IEC 9899-1999] Section 6.2.2, "Linkages of identifiers"