SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 15

changes.mady.by.user Osona Steave

Saved on

compared with

New Version 16

changes.mady.by.user Shaun Hedrick

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFCCCC
char msg[100];

void hello_message()
{
  char msg[80] = "Hello";
  strcpy(msg, "Error");
}

printf("%s\n", msg);

Compliant Solution

This compliant solution uses different, more descriptive variable names.

Code Block
bgColor#ccccff
char error_msg[100];

void hello_message()
{
  char hello_msg[80] = "Hello";
  strcpy(error_msg, "Error");
}

printf("%s\n", error_msg);

Exceptions

When the block is small, the danger of reusing variable names is mitigated by the visibility of the immediate declaration. Even in this case, however, variable name reuse is not desirable.

Risk Assessment

Reusing a variable name in a sub-scope can lead to unintended values for the variable.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL01-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

Examples of vulnerabilities resulting from the violation of this rule recommendation can be found on the
CERT website.

References

Wiki Markup
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 5.2.4.1, "Translation limits"
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 5.2