An identifier can be classified as externally linked, internally linked, or not-linked.
An identifier that is classified as externally linked includes identifiers:
- whose declaration contains the storage-class specifier extern, where no prior declaration of that identifier is visible.*
- for a function whose declaration contains no storage-class specifier.
- for an object with file scope whose declaration contains no storage-class specifier.
An identifier that is classified as internally linked includes identifiers whose declaration contains the storage-class specifier static.
An identifer that is classified as not-linked include:
- An identifier declared to be anything other than an object or a function.
- An identifier declared to be a function parameter.
- A block scope identifier for an object declared without the storage-class specifier extern.
(* If a prior declaration is visible and has no linkage, the latter declaration is externally linked.
If a prior declaration is visible and has either internal or external linkage, the latter declaration is classified with the same linkage as the prior declaration.)
Use of an identifier (within one translational unit) classified as both internally and externally linked causes undefined behavior. A translational unit includes the sourcefile together with its headers, and all sourcefiles included via the preprocessing directive #include.
Non-Compliant Example
In this non-compliant example, the first declaration of the identifier x would be classified as externally linked. The second declaration is internally linked. Future use of this identifier can cause undefined behavior.
Compliant Solution
In this compliant solution, more descriptive identifier names are used, so as to avoid this problem.
Risk Assessment
Use of an identifier classified as both internally and externally linked causes undefined behavior in the program. However, it would be highly unlikely that an attacker could exploit this behavior to run arbitrary code.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
DCL05-A |
1 (low) |
2 (probable) |
3 (low) |
P6 |
L2 |
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.
References
[ISO/IEC 9899-1999] Section 6.2.2, "Linkages of identifiers"