...
The following table from the C Standard, section subclause 7.1.2 [ISO/IEC 9899:2011], lists these standard headers:
<assert.h> | <float.h> | <math.h> | <stdatomic.h> | <stdlib.h> | <time.h> |
<complex.h> | <inttypes.h> | <setjmp.h> | <stdbool.h> | <stdnoreturn.h> | <uchar.h> |
<ctype.h> | <iso646.h> | <signal.h> | <stddef.h> | <string.h> | <wchar.h> |
<errno.h> | <limits.h> | <stdalign.h> | <stdint.h> | <tgmath.h> | <wctype.h> |
<fenv.h> | <locale.h> | <stdarg.h> | <stdio.h> | <threads.h> |
Do not reuse standard header file names, system-specific header file names, or other header file names.
...
Code Block | ||||
---|---|---|---|---|
| ||||
#include "stdio.h" /* confusingConfusing, distinct from <stdio.h> */ /* ... */ |
...
Using header file names that conflict with other header file names can result in an incorrect file being included.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE04-C |
Low |
Unlikely |
Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Axivion Bauhaus Suite |
| CertC-PRE04 | |||||||
|
CC2.PRE04 | Fully implemented |
Helix QAC |
|
|
|
218 S
568 S
Fully implemented
C5001 | ||
LDRA tool suite |
|
|
|
568 S | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ |
Coding Standard | VOID PRE04-CPP. Do not reuse a standard header file name |
CERT Oracle Secure Coding Standard for Java | DCL01-J. Do not reuse public identifiers from the Java Standard Library |
Bibliography
...
...