SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 99

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 100

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 98

According to subclause 6.2.7 of the C Standard [AA. Bibliography#ISO-ISO/IEC 9899-:2011],

All declarations that refer to the same object or function shall have compatible type; otherwise, the behavior is undefined.

(See also CC. Undefined Behavior#ub_undefined behavior 15 of Annex J.)

Further, according to subclause 6.4.2.1,

Any identifiers that differ in a significant character are different identifiers. If two identifiers differ only in nonsignificant characters, the behavior is undefined.

(See also CC. Undefined Behavior#ub_undefined behavior 31 of Annex J.)

Identifiers in mutually visible scopes must be deemed unique by the compiler to prevent confusion about which variable or function is being referenced. BB. Definitions#implementation Implementations can allow additional nonunique characters to be appended to the end of identifiers, making the identifiers appear unique while actually being indistinguishable.

...

Code Block
bgColor#FFcccc
langc
extern int *global_symbol_definition_lookup_table_a;
extern int *global_symbol_definition_lookup_table_b;

Compliant Solution (Source Character Set)

...

Code Block
bgColor#ccccff
langc
extern int *a_global_symbol_definition_lookup_table;
extern int *b_global_symbol_definition_lookup_table;

Noncompliant Code Example (Universal Character Names)

...

Code Block
bgColor#FFcccc
langc
extern int *\U00010401\U00010401\U00010401\U00010401;
extern int *\U00010401\U00010401\U00010401\U00010402;

Compliant Solution (Universal Character Names)

...

Code Block
bgColor#ccccff
langc
extern int *\U00010401\U00010401\U00010401\U00010401;
extern int *\U00010402\U00010401\U00010401\U00010401;

Risk Assessment

Nonunique identifiers can lead to abnormal program termination, denial-of-service attacks, or unintended information disclosure.

...

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.STRUCT.DECLTYPEGlobal variable declared with different types

Compass/ROSE

 

 

Can detect some violations of this rule but cannot flag violations involving universal names

CERT C Rules implemented in the LDRA tool suite

Include Page
LDRA_V
LDRA_V

17 D
355 S
61 X

Fully implemented

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v

627, 776, 0777, 778, 0779

Partially implemented

Related Vulnerabilities

Search for BB. Definitions#vulnerability vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

AA. Bibliography#ISO-ISO/IEC TR 24772-:2013Choice of Clear Names [NAI]
Identifier Name Reuse [YOW]
AA. Bibliography#MISRA 12MISRA C:2012Rule 5.1 through Rule 5.5 (required)

Bibliography

[AA. Bibliography#ISO-ISO/IEC 9899-:2011]

Subclause 6.2.7, "Compatible Type and Composite Type"
Subclause 6.4.1, "Keywords"

 

...

Image Modified