An identifier can be classified as externally linked, internally linked, or not-linked.

Identifiers classified as externally linked include identifiers:

  • whose declaration contains the storage-class specifier extern, where no prior declaration of that identifier is visible.
  • for a function whose declaration contains no storage-class specifier.
  • for an object with file scope whose declaration contains no storage-class specifier.

Identifiers classified as internally linked include those whose declaration contains the storage-class specifier static.

Identifiers classified as not-linked include:

  • An identifier declared to be anything other than an object or a function.
  • An identifier declared to be a function parameter.
  • A block scope identifier for an object declared without the storage-class specifier extern.

If a prior declaration is visible and has no linkage, the later declaration is externally linked. If a prior declaration is visible and has either internal or external linkage, the later declaration is classified with the same linkage as the prior declaration.

Use of an identifier (within one translation unit) classified as both internally and externally linked causes undefined behavior. A translation unit includes the source file together with its headers, and all source files included via the preprocessing directive #include.

This recommendation is a weaker recommendation than [[DCL01-A. Do not reuse variable names in sub-scopes]].

Non-Compliant Code Example

In this non-compliant code example, i2 and i5 are defined as having both internal and external linkage. Future use of either identifier results in undefined behavior.

int i1 = 10;         /* definition, external linkage */
static int i2 = 20;  /* definition, internal linkage */
extern int i3 = 30;  /* definition, external linkage */
int i4;              /* tentative definition, external linkage */
static int i5;       /* tentative definition, internal linkage */

int i1;              /* valid tentative definition */
int i2;              /* not legal, linkage disagreement with previous */
int i3;              /* valid tentative definition */
int i4;              /* valid tentative definition */
int i5;              /* not legal, linkage disagreement with previous */

Compliant Solution

This compliant solution does not include conflicting definitions.

int i1 = 10;         /* definition, external linkage */
static int i2 = 20;  /* definition, internal linkage */
extern int i3 = 30;  /* definition, external linkage */
int i4;              /* tentative definition, external linkage */
static int i5;       /* tentative definition, internal linkage */
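
The prior-declaration rule above also explains which redeclarations are safe. The following is an added example, not part of the original page; the names hits, bump, read_hits and SHOW_NONCOMPLIANT are hypothetical. It shows later declarations that inherit internal linkage from a visible static declaration, next to the object redeclaration that does not.

```c
#include <stdio.h>

/* File-scope object: internal linkage from 'static'. */
static int hits = 0;

/* Later 'extern' with a prior declaration visible: it takes the
 * linkage of that declaration (internal), so there is no conflict. */
extern int hits;

/* Function first declared 'static': internal linkage. */
static int bump(void);

/* A function declaration with no storage-class specifier is treated
 * as if it said 'extern', so this definition also inherits internal
 * linkage from the prior declaration. */
int bump(void)
{
    return ++hits;
}

int read_hits(void)
{
    /* Block-scope 'extern': the visible file-scope declaration has
     * internal linkage, so this names the same internal object. */
    extern int hits;
    return hits;
}

#ifdef SHOW_NONCOMPLIANT
/* Objects are different: a file-scope object declared with no
 * storage-class specifier is externally linked, which disagrees
 * with the 'static' declaration above (same defect as i2 and i5). */
int hits;
#endif

int main(void)
{
    bump();
    bump();
    printf("hits = %d\n", read_hits());
    return 0;
}
```

Building with SHOW_NONCOMPLIANT defined reintroduces the linkage disagreement, which compilers commonly reject or warn about.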

Risk Assessment

Use of an identifier classified as both internally and externally linked causes undefined behavior. However, it is unlikely that an attacker could exploit this behavior to run arbitrary code.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL07-A | 1 (low) | 2 (probable) | 3 (low) | P6 | L2 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[ISO/IEC 9899-1999:TC2]] Section 6.2.2, "Linkages of identifiers"
