SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

An identifier can be classified as externally linked, internally linked, or not-linked.

An identifier that is classified as externally linked includes identifiers:

  • whose declaration contains the storage-class specifier extern, where no prior declaration of that identifier is visible.
  • for a function whose declaration contains no storage-class specifier.
  • for an object with file scope whose declaration contains no storage-class specifier.

An identifier that is classified as internally linked includes identifiers whose declaration contains the storage-class specifier static.

An identifer that is classified as not-linked include:

  • An identifier declared to be anything other than an object or a function.
  • An identifier declared to be a function parameter.
  • A block scope identifier for an object declared without the storage-class specifier extern.

If a prior declaration is visible and has no linkage, the latter declaration is externally linked. If a prior declaration is visible and has either internal or external linkage, the latter declaration is classified with the same linkage as the prior declaration.

Use of an identifier (within one translational unit) classified as both internally and externally linked causes undefined behavior. A translational unit includes the source file together with its headers, and all source files included via the preprocessing directive #include.

Non-Compliant Code Example

The first declaration of the identifier x is externally linked, while the second declaration is internally linked. Future use of this identifier results in undefined behavior.

int x; /* externally linked */

int main(void) {
   static int x; /* internally linked */
   /* use of identifier x results in undefined behavior */
}

Compliant Solution

More descriptive identifier names are used, avoiding any conflicts.

int external_x; /* externally linked */
int main(void) {
  static int internal_x; /* internally linked */
  /* we're good to go */
}

Risk Assessment

Use of an identifier classified as both internally and externally linked causes undefined behavior. However, it would be highly unlikely that an attacker could exploit this behavior to run arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL05-A

1 (low)

2 (probable)

3 (low)

P6

L2

Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.

References

[ISO/IEC 9899-1999] Section 6.2.2, "Linkages of identifiers"

  • No labels