If a file with the same name as a standard header is placed in the search path for included source files, the behavior is undefined.
The following table lists these standard headers:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Do not reuse standard header file names, system-specific header file names, or other header file names.
Noncompliant Code Example
In this noncompliant code example, the programmer chooses to use a local version of the standard library but does not make the change clear.
#include "stdio.h" /* confusing, distinct from <stdio.h> */ /* ... */
Compliant Solution
The solution addresses the problem by giving the local library a unique name (per recommendation PRE08-C. Guarantee that header file names are unique), which makes it apparent that the library used is not the original.
/* Using a local version of stdio.h */ #include "mystdio.h" /* ... */
Risk Assessment
Using header file names that conflict with other header file names can result in an incorrect file being included.
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
PRE04-C |
low |
unlikely |
medium |
P2 |
L3 |
Automated Detection
Tool |
Version |
Checker |
Description |
|---|---|---|---|
| 9.7.1 | 218 S |
Fully Implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: PRE04-CPP. Do not reuse a standard header file name
ISO/IEC 9899:1999 Section 7.1.2, "Standard Headers"
The CERT Oracle Secure Coding Standard for Java: DCL01-J. Do not reuse public identifiers from the Java Standard Library
Bibliography
PRE03-C. Prefer typedefs to defines for encoding types 01. Preprocessor (PRE)