SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 69

changes.mady.by.user Astha Singhal

Saved on

compared with

New Version 70

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

According to Section 6.2.7 of C99C11,

All declarations that refer to the same object or function shall have compatible type; otherwise, the behavior is undefined.

(See also undefined behavior 1415 of Annex J.)

Further, according to 6.4.2.1, paragraph 6

Any identifiers that differ in a significant character are different identifiers. If two identifiers differ only in nonsignificant characters, the behavior is undefined.

(See also undefined behavior 28behavior 31 of Annex J.)

Identifiers in mutually visible scopes must be deemed unique by the compiler , to prevent confusion about which variable or function is being referenced. Implementations can allow additional non-unique nonunique characters to be appended to the end of identifiers, making the identifiers appear unique while actually being indistinguishable.

It is reasonable for scopes that are not visible to each other to have duplicate identifiers. For instance, two functions can each have a local variable with the same name because their scopes cannot access each other. But a function's local variable names should be distinct from each other , as well as from all static variables declared within the function's file (and from all included header files.)

...

Restriction of the significance of an external name to fewer than 255 characters in the standard (considering each universal character name or extended source character as a single character) is an obsolescent feature that is a concession to existing implementations. As a result, it is not necessary to comply with this restriction as long as the identifiers are unique , and the assumptions concerning the number of significant characters are documented.

...

On implementations that support only the minimum requirements for significant characters required by the standard, this code example is noncompliant because the first 31 characters of the external identifiers are identical:.

Code Block
bgColor#FFcccc
langc
extern int *global_symbol_definition_lookup_table_a;
extern int *global_symbol_definition_lookup_table_b;

...

Code Block
bgColor#ccccff
langc
extern int *\U00010401\U00010401\U00010401\U00010401;
extern int *\U00010402\U00010401\U00010401\U00010401;

Risk Assessment

Non-unique Nonunique identifiers can lead to abnormal program termination, denial-of-service attacks, or unintended information disclosure.

...

sectioncan

Can detect some violations of this rule. However, it cannot flag violations involving universal names.

Tool

Version

Checker

Description

LDRA tool suite

Include Page
LDRA_V
LDRA_V
section

17 D
355 S
61 X

section

Fully

Implemented section

implemented.

Compass/ROSE

 

 

Section

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ISO/IEC 9899:19992011 Section 5.2.4.1, "Translation limits"

ISO/IEC TR 24772 "AJN Choice of Filenames and Other External Identifiersfilenames and other external identifiers" and "YOW Identifier name reuse"

...