SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 98

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 99

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

According to subclause 6.2.7 of the C Standard [ISO/AA. Bibliography#ISO-IEC 9899:-2011],

All declarations that refer to the same object or function shall have compatible type; otherwise, the behavior is undefined.

(See also undefined behavior CC. Undefined Behavior#ub_15 of Annex J.)

Further, according to subclause 6.4.2.1,

Any identifiers that differ in a significant character are different identifiers. If two identifiers differ only in nonsignificant characters, the behavior is undefined.

(See also undefined behavior CC. Undefined Behavior#ub_31 of Annex J.)

Identifiers in mutually visible scopes must be deemed unique by the compiler to prevent confusion about which variable or function is being referenced. BB. Implementations Definitions#implementation can allow additional nonunique characters to be appended to the end of identifiers, making the identifiers appear unique while actually being indistinguishable.

...

extern int *global_symbol_definition_lookup_table_a; extern int *global_symbol_definition_lookup_table_b;
Code Block
bgColor#FFcccc
langc
Compliant Solution (Source Character Set)
...
extern int *a_global_symbol_definition_lookup_table;
extern int *b_global_symbol_definition_lookup_table;

 Code Block
bgColor#ccccff
langc
Noncompliant Code Example (Universal Character Names)
...
 Code Block
bgColor#FFcccc
langc
extern int *\U00010401\U00010401\U00010401\U00010401;
extern int *\U00010401\U00010401\U00010401\U00010402;

Compliant Solution (Universal Character Names)
...
extern int *\U00010401\U00010401\U00010401\U00010401;
extern int *\U00010402\U00010401\U00010401\U00010401;

 Code Block
bgColor#ccccff
langc
Risk Assessment
Nonunique identifiers can lead to abnormal program termination, denial-of-service attacks, or unintended information disclosure.
...
Tool
Version
Checker
Description
CodeSonar
 Include Page
CodeSonar_V
CodeSonar_V
LANG.STRUCT.DECLTYPEGlobal variable declared with different types
Compass/ROSE
 
 
Can detect some violations of this rule but cannot flag violations involving universal names
CERT C Rules implemented in the LDRA tool suite
 Include Page
LDRA_V
LDRA_V
17 D
355 S
61 X
Fully implemented
PRQA QA-C
 Include Page
PRQA QA-C_v
PRQA QA-C_v
627, 776, 0777, 778, 0779
Partially implemented
Related Vulnerabilities
Search for vulnerabilities BB. Definitions#vulnerability resulting from the violation of this rule on the CERT website.
Related Guidelines
ISO/AA. Bibliography#ISO-IEC TR 24772:-2013Choice of Clear Names [NAI]
Identifier Name Reuse [YOW]
MISRA C:2012AA. Bibliography#MISRA 12Rule 5.1 through Rule 5.5 (required)
Bibliography
[ISO/AA. Bibliography#ISO-IEC 9899:-2011]
Subclause 6.2.7, "Compatible Type and Composite Type"
Subclause 6.4.1, "Keywords"
 
...
  Image Modified