If a file with the same name as a standard header is placed in the search path for included source files, the behavior is undefined.

The following table lists these standard headers:

<assert.h>

<complex.h>

<ctype.h>

<errno.h>

<fenv.h>

<float.h>

<inttypes.h>

<iso646.h>

<limits.h>

<locale.h>

<math.h>

<setjmp.h>

<signal.h>

<stdarg.h>

<stdbool.h>

<stddef.h>

<stdint.h>

<stdio.h>

<stdlib.h>

<string.h>

<tgmath.h>

<time.h>

<uchar.h>

<wchar.h>

<wctype.h>

Do not reuse standard header file names, system-specific header file names, or other header file names.

Noncompliant Code Example

In this noncompliant code example, the programmer chooses to use a local version of the standard library but does not make the change clear.

#include "stdio.h"  /* confusing, distinct from <stdio.h> */

/* ... */

Compliant Solution

The solution addresses the problem by giving the local library a unique name (per PRE08-C. Guarantee that header file names are unique), which makes it apparent that the library used is not the original.

/* Using a local version of stdio.h */ 
#include "mystdio.h"

/* ... */

Risk Assessment

Using header file names that conflict with other header file names can result in an incorrect file being included.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| PRE04-C | low | unlikely | medium | P2 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | 9.7.1 | 218 S, 568 S | Fully implemented |
| ECLAIR | 1.2 | hedrname | Fully implemented |
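One way to screen source text for this recommendation, as an added example (not code from the CERT page or from the tools listed above): a C scanner that flags quoted-form #include directives whose file name matches a header in the table on this page. The function names are hypothetical, and the check is purely textual, so it does not account for comments, conditional compilation, or macro-expanded include names.

```c
#include <stdio.h>
#include <string.h>

/* The 25 standard header names listed in the table on this page. */
static const char *const std_headers[] = {
    "assert.h", "complex.h", "ctype.h", "errno.h", "fenv.h", "float.h",
    "inttypes.h", "iso646.h", "limits.h", "locale.h", "math.h", "setjmp.h",
    "signal.h", "stdarg.h", "stdbool.h", "stddef.h", "stdint.h", "stdio.h",
    "stdlib.h", "string.h", "tgmath.h", "time.h", "uchar.h", "wchar.h",
    "wctype.h" };

/* 1 if the last path component of name[0..len) is a standard header name. */
static int is_standard_header(const char *name, size_t len) {
    const char *base = name;
    for (size_t i = 0; i < len; i++)
        if (name[i] == '/' || name[i] == '\\') base = name + i + 1;
    size_t blen = len - (size_t)(base - name);
    for (size_t i = 0; i < sizeof std_headers / sizeof *std_headers; i++)
        if (strlen(std_headers[i]) == blen && !memcmp(base, std_headers[i], blen))
            return 1;
    return 0;
}

/* 1 if the line at `line` is a quoted-form #include of a standard header name.
 * Angle-bracket includes are the normal way to name them and are not flagged. */
int line_violates_pre04(const char *line) {
    const char *p = line + strspn(line, " \t");
    if (*p != '#') return 0;
    p += 1 + strspn(p + 1, " \t");            /* "#  include" is valid C */
    if (strncmp(p, "include", 7) != 0) return 0;
    p += 7 + strspn(p + 7, " \t");
    if (*p != '"') return 0;
    size_t len = strcspn(p + 1, "\"\n");
    if (p[1 + len] != '"') return 0;          /* name not closed on this line */
    return is_standard_header(p + 1, len);
}

/* Count violating lines in a NUL-terminated source buffer. */
int count_violations(const char *src) {
    int n = 0;
    for (const char *p = src; p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        n += line_violates_pre04(p);
    return n;
}

int main(void) {  /* constructed sample: only the middle line is a violation */
    const char *s = "#include <stdio.h>\n#include \"stdio.h\"\n#include \"mystdio.h\"\n";
    printf("%d violation(s)\n", count_violations(s));
    return 0;
}
```

Matching on the final path component is deliberately conservative: a quoted include such as "include/string.h" is reported as well, because the file itself still carries a standard header's name.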

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: PRE04-CPP. Do not reuse a standard header file name

The CERT Oracle Secure Coding Standard for Java: DCL01-J. Do not reuse public identifiers from the Java Standard Library

ISO/IEC 9899:2011 Section 7.1.2, "Standard headers"
