If a file with the same name as a standard header is placed in the search path for included source files, the behavior is undefined.
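These are the standard headers (C99, Section 7.1.2):

| | | | |
|---|---|---|---|
| `<assert.h>` | `<complex.h>` | `<ctype.h>` | `<errno.h>` |
| `<fenv.h>` | `<float.h>` | `<inttypes.h>` | `<iso646.h>` |
| `<limits.h>` | `<locale.h>` | `<math.h>` | `<setjmp.h>` |
| `<signal.h>` | `<stdarg.h>` | `<stdbool.h>` | `<stddef.h>` |
| `<stdint.h>` | `<stdio.h>` | `<stdlib.h>` | `<string.h>` |
| `<tgmath.h>` | `<time.h>` | `<wchar.h>` | `<wctype.h>` |
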
Do not reuse standard header file names, system-specific header file names, or other header file names.
Non-Compliant Code Example
In this non-compliant code example, the programmer chooses to use a local version of the standard library, but does not make the change clear.

```c
#include "stdio.h"  /* confusing, distinct from <stdio.h> */

/* ... */
```
Compliant Solution
The solution addresses the problem by giving the local library a unique name (as per [[PRE08-A. Guarantee that header filenames are unique]]), which makes it explicit that the library used is not the original.

```c
/* Using a local version of stdio.h */
#include "mystdio.h"

/* ... */
```
Risk Assessment
Using header names that conflict with those of the C standard library can result in the intended file not being included.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| PRE04-A | low | unlikely | low | P3 | L3 |

Automated Detection
The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.
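A minimal check for the pattern shown in the non-compliant example, added here as an illustration (it is not LDRA's method and not code from the original page): it flags a quoted `#include` whose file name matches one of the C99 standard headers. The function names and sample lines are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The 24 headers listed in C99 Section 7.1.2. */
static const char *const std_headers[] = {
    "assert.h", "complex.h", "ctype.h", "errno.h", "fenv.h", "float.h",
    "inttypes.h", "iso646.h", "limits.h", "locale.h", "math.h", "setjmp.h",
    "signal.h", "stdarg.h", "stdbool.h", "stddef.h", "stdint.h", "stdio.h",
    "stdlib.h", "string.h", "tgmath.h", "time.h", "wchar.h", "wctype.h"
};

/* Return 1 if the last component of path (length len) is a standard header name. */
static int is_std_header_name(const char *path, size_t len) {
    size_t start = len;
    while (start > 0 && path[start - 1] != '/' && path[start - 1] != '\\')
        start--;
    for (size_t i = 0; i < sizeof std_headers / sizeof std_headers[0]; i++)
        if (strlen(std_headers[i]) == len - start &&
            memcmp(path + start, std_headers[i], len - start) == 0)
            return 1;
    return 0;
}

/* Return 1 if line is a quoted #include "..." naming a standard header.
   Path-qualified names are flagged too: the file name is still reused. */
int shadows_std_header(const char *line) {
    while (isspace((unsigned char)*line)) line++;
    if (*line++ != '#') return 0;
    while (*line == ' ' || *line == '\t') line++;
    if (strncmp(line, "include", 7) != 0) return 0;
    line += 7;
    while (*line == ' ' || *line == '\t') line++;
    if (*line++ != '"') return 0;          /* the <...> form is not flagged */
    const char *end = strchr(line, '"');
    return end != NULL && is_std_header_name(line, (size_t)(end - line));
}

int main(void) {
    /* Constructed sample lines, including the two includes from this page. */
    const char *samples[] = {
        "#include \"stdio.h\"", "#include \"mystdio.h\"",
        "#include <stdio.h>", "  #  include \"compat/string.h\""
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s %s\n", samples[i],
               shadows_std_header(samples[i]) ? "FLAG" : "ok");
    return 0;
}
```

The comparison is case-sensitive and works on raw lines only; it does not resolve macros used as include operands.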
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[ISO/IEC 9899-1999]] Section 7.1.2, "Standard Headers"