An identifier can be classified as externally linked, internally linked, or not-linked.
An identifier that is classified as externally linked includes identifiers:
- whose declaration contains the storage-class specifier
extern
, where no prior declaration of that identifier is visible. - for a function whose declaration contains no storage-class specifier.
- for an object with file scope whose declaration contains no storage-class specifier.
An identifier that is classified as internally linked includes identifiers whose declaration contains the storage-class specifier static
.
An identifier that is classified as not-linked include:
- An identifier declared to be anything other than an object or a function.
- An identifier declared to be a function parameter.
- A block scope identifier for an object declared without the storage-class specifier
extern
.
If a prior declaration is visible and has no linkage, the latter declaration is externally linked. If a prior declaration is visible and has either internal or external linkage, the latter declaration is classified with the same linkage as the prior declaration.
Use of an identifier (within one translational unit) classified as both internally and externally linked causes undefined behavior. A translational unit includes the source file together with its headers, and all source files included via the preprocessing directive #include
.
This recommendation is a weaker recommendation than [[DCL01-A]].
Non-Compliant Code Example
The first declaration of the identifier x
is externally linked, while the second declaration is internally linked. Future use of this identifier results in undefined behavior.
int x; /* externally linked */ int main(void) { static int x; /* internally linked */ /* use of identifier x results in undefined behavior */ }
Compliant Solution
This compliant solution uses different (and more descriptive) identifiers to avoid any conflicts.
int external_x; /* externally linked */ int main(void) { static int internal_x; /* internally linked */ /* we're good to go */ }
Risk Assessment
Use of an identifier classified as both internally and externally linked causes undefined behavior. However, it would be highly unlikely that an attacker could exploit this behavior to run arbitrary code.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
DCL07-A |
1 (low) |
2 (probable) |
3 (low) |
P6 |
L2 |
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.
References
[[ISO/IEC 9899-1999:TC2]] Section 6.2.2, "Linkages of identifiers"