SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

The C99 standard makes the following statements about parsing header files:

  • The first eight characters in the filename are significant
  • The file only has one character after the period in the filename
  • The case of the characters in the filename is not necessarily significant

Therefore, to guarantee header filenames are unique, all included files should differ (in a case insensitive manner) in their first eight characters or in their (one character) file extension.

Non-Compliant Code Example

The following non-compliant code contains references to headers that may exist independently on a specific architecture, can be ambiguously interpreted by a C99 compliant compiler.

#include "Library.h"
#include <stdio.h>
#include <stdlib.h>
#include "library.h"

#include "utilities_math.h"
#include "utilities_physics.h"

#include "my_library.h"

/* Rest of program */

Library.h and library.h may be interpreted as being the same file. Also, because only the first eight characters are guaranteed to be significant, it is unknown which of utilities_math.h and utilities_physics.h will actually be parsed. Finally, if there existed a file such as my_libraryOLD.h it may inadvertently be included instead of my_library.h.

Compliant Solution

This compliant solution avoids the ambiguity by renaming the associated files to be unique under the above constraints.

#include "Lib_main.h"
#include <stdio.h>
#include <stdlib.h>
#include "lib_2.h"

#include "util_math.h"
#include "util_physics.h"

#include "my_library.h"

/* Rest of program */

The only solution for mitigating ambiguity of a file such as my_libraryOLD.h is to rename old files with either a prefix (that would fall within the first eight characters) or to add an extension (such as my_library.h.old).

Risk Assessment

Failing to guarantee uniqueness of header files may cause the inclusion of an older version of a header file, which may include insecure implementations of macros.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

PRE31-C

1 (low)

1 (unlikely)

1 (high)

P1

L3

References

[[ISO/IEC 9899-1999]] Section 6.10.2 "Source file inclusion"

  • No labels