SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 77

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Noncompliant Code Example

The following This noncompliant code example contains references to headers that may exist independently in various environments but can be ambiguously interpreted by a C-compliant compiler:

Code Block
bgColor#FFcccc
langc
#include "Library.h"
#include <stdio.h>
#include <stdlib.h>
#include "library.h"

#include "utilities_math.h"
#include "utilities_physics.h"

#include "my_library.h"

/* Rest of program ... */

Library.h and library.h may refer to the same file. Also, because only the first eight characters are guaranteed to be significant, it is unclear whether utilities_math.h and utilities_physics.h are parsed. Finally, if a file such as my_libraryOLD.h exists, it may inadvertently be included instead of my_library.h.

...

Code Block
bgColor#ccccFF
langc
#include "Lib_main.h"
#include <stdio.h>
#include <stdlib.h>
#include "lib_2.h"

#include "util_math.h"
#include "util_physics.h"

#include "my_library.h"

/* Rest of program ... */

The only solution for mitigating ambiguity of a file, such as my_libraryOLD.h, is to rename old files with either a prefix (that would fall within the first eight characters) or add an extension (such as my_library.h.old).

Exceptions

PRE08-C-EX1: Although the C Standard requires only the first eight characters in the file name to be significant, most modern systems have long file names, and compilers on such systems can typically differentiate them. Consequently, long file names in headers may be used, provided that all the implementations to which the code is ported can distinguish between these file names.

...

Failing to guarantee uniqueness of header files may result in the inclusion of an older version of a header file, which may include incorrect macro definitions or obsolete function prototypes or result in other errors that may or may not be detected by the compiler. Portability issues may also stem from the use of header names that are not guaranteed to be unique.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

PRE08-C

low

Low

unlikely

Unlikely

medium

Medium

P2

L3

Automated Detection

ToolVersionCheckerDescription
ECLAIR
Axivion Bauhaus Suite

Include Page

ECLAIR

Axivion Bauhaus Suite_V

ECLAIR

Axivion Bauhaus Suite_V

CC2.
CertC-PRE08

Fully implemented

Klocwork

ECLAIR

Include Page
Klocwork
ECLAIR_V
Klocwork
ECLAIR_V

IF_DUPL_HEADER

 PRQA QA-C

CC2.PRE08

Fully implemented

Helix QAC

Include Page

PRQA

Helix QAC_V

PRQAFully implemented

Helix QAC_V

Secondary Analysis
C5002

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++
Secure
Coding StandardVOID PRE08-CPP. Guarantee that header file names are unique

Bibliography

[ISO/IEC 9899:2011]Subclause 6.10.2, "Source File Inclusion"

 


...

Image Modified Image Modified Image Modified