...

Non-Compliant Code Example

In this non-compliant code example, the first declaration of the identifier x is externally linked, while the second declaration is internally linked. Future use of this identifier results in undefined behavior.

int x; /* externally linked */

int main(void) {
  static int x; /* internally linked */
  /* ... use of identifier x results in undefined behavior */
}

Compliant Solution

In this compliant solution, more descriptive identifier names are used, avoiding any conflicts.

int external_x; /* externally linked */

int main(void) {
  static int internal_x; /* internally linked */
  /* ... we're good to go */
}

Risk Assessment

Use of an identifier classified as both internally and externally linked causes undefined behavior in the program. However, it would be highly unlikely that an attacker could exploit this behavior to run arbitrary code.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL05-A | 1 (low) | 2 (probable) | 3 (low) | P6 | L2 |

Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.

...