If a file with the same name as a standard header is placed in the search path for included source files, the behavior is undefined.
The following table from the C Standard, subclause 7.1.2 [ISO/IEC 9899:2011], lists these standard headers:
<complex<ctype<errno<fenv<float<complex.h> | <inttypes.h> | <setjmp.h> |
<iso646<limits<locale<math<setjmp<iso646.h> | <signal.h> | <stddef.h> | <string.h> | <wchar.h> |
<stdarg<stdbool<stddef<stdio<stdlib<string<tgmath<time<wchar<wctype Do not reuse standard header file names, system-specific header file names, or other header file names.
...
Noncompliant Code Example
In this NCCEnoncompliant code example, the programmer chooses to use a local version of the standard library but does not make the change clear.:
Code Block |
---|
bgColor | #FFcccc |
---|
lang | c#ffcccc |
---|
|
#include "stdio.h" /* confusingConfusing, distinct from <stdio.h> */
/* ... */
|
Compliant Solution
The solution addresses the problem by giving the local library a unique name (as per PRE08-AC. Guarantee that header file names are unique), which makes it explicit apparent that the library used is not the original.:
Code Block |
---|
bgColor | #ccccFF |
---|
lang | c#ccccff |
---|
|
/* Using a local version of stdio.h */
#include "mystdio.h"
/* ... */
|
Risk Assessment
Using header file names that conflict with the C standard library functions other header file names can result in not including the intended filean incorrect file being included.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|
PRE04- |
A low unlikely medium Automated Detection
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
...
Related Guidelines
Bibliography
...
...
...
...
PRE03-A. Prefer typedefs to defines for encoding types Edit PRE05-A. Understand macro replacement when concatenating tokens or performing stringificationImage Added Image Added Image Added