...
Use of an identifier (within one translational unit) classified as both internally and externally linked causes undefined behavior. A translational unit includes the source file together with its headers, and all source files included via the preprocessing directive #include.
Non-Compliant Code Example
In this non-compliant code example, i2 and i5 is defined as having both internal and external linkage. Future use of either identifier results in undefined behavior.
| Code Block | ||
|---|---|---|
| ||
int i1 = 10; /* definition, external linkage */ static int i2 = 20; /* definition, internal linkage */ extern int i3 = 30; /* definition, external linkage */ int i4; /* tentative definition, external linkage */ static int i5; /* tentative definition, internal linkage */ int i1; /* valid tentative definition */ int i2; /* not legal, linkage disagreement with previous */ int i3; /* valid tentative definition */ int i4; /* valid tentative definition */ int i5; /* not legal, linkage disagreement with previous */ |
Compliant Solution
This compliant solution does not include conflicting definitions.
| Code Block | ||
|---|---|---|
| ||
int i1 = 10; /* definition, external linkage */ static int i2 = 20; /* definition, internal linkage */ extern int i3 = 30; /* definition, external linkage */ int i4; /* tentative definition, external linkage */ static int i5; /* tentative definition, internal linkage */ |
Risk Assessment
Use of an identifier classified as both internally and externally linked causes undefined behavior. However, it is unlikely that an attacker could exploit this behavior to run arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL07-A | 1 (low) | 2 (probable) | 3 (low) | P6 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[ISO/IEC 9899-1999:TC2|AA. C References#ISO/IEC 9899-1999TC2]\] Section 6.2.2, "Linkages of identifiers" |