...
```c
#include "Library.h"
#include <stdio.h>
#include <stdlib.h>
#include "library.h"
#include "utilities_math.h"
#include "utilities_physics.h"
#include "my_library.h"

/* Rest of program */
```
`Library.h` and `library.h` may refer to the same file. Also, because only the first eight characters are guaranteed to be significant, it is unclear whether `utilities_math.h` and `utilities_physics.h` are parsed. Finally, if a file such as `my_libraryOLD.h` exists, it may inadvertently be included instead of `my_library.h`.
...
```c
#include "Lib_main.h"
#include <stdio.h>
#include <stdlib.h>
#include "lib_2.h"
#include "util_math.h"
#include "util_physics.h"
#include "my_library.h"

/* Rest of program */
```
The only solution for mitigating the ambiguity of a file such as `my_libraryOLD.h` is to rename old files, either with a prefix (that would fall within the first eight characters) or with an added extension (such as `my_library.h.old`).
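A check for the ambiguities described above, as an added example that is not part of the original rule text. It assumes an implementation that ignores case and keeps eight significant characters before the last period, with the extension compared in full; the function names are illustrative.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SIG_CHARS 8 /* assumed: significant characters before the period */

/* Case-insensitive comparison of the first n characters of a and b. */
static int same_fold(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Returns 1 if a and b may map to the same file when the implementation
 * folds case and keeps only SIG_CHARS characters before the last period. */
int headers_may_collide(const char *a, const char *b) {
    const char *dot_a = strrchr(a, '.'), *dot_b = strrchr(b, '.');
    size_t stem_a = dot_a ? (size_t)(dot_a - a) : strlen(a);
    size_t stem_b = dot_b ? (size_t)(dot_b - b) : strlen(b);
    const char *ext_a = dot_a ? dot_a + 1 : "";
    const char *ext_b = dot_b ? dot_b + 1 : "";

    if (stem_a > SIG_CHARS) stem_a = SIG_CHARS;
    if (stem_b > SIG_CHARS) stem_b = SIG_CHARS;
    return stem_a == stem_b && same_fold(a, b, stem_a) &&
           strlen(ext_a) == strlen(ext_b) &&
           same_fold(ext_a, ext_b, strlen(ext_a));
}

/* Prints each ambiguous pair and returns how many were found. */
size_t count_collisions(const char *const names[], size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (headers_may_collide(names[i], names[j])) {
                printf("ambiguous: %s / %s\n", names[i], names[j]);
                hits++;
            }
    return hits;
}

int main(void) {
    /* Header names from the noncompliant example, plus my_libraryOLD.h. */
    const char *const bad[] = { "Library.h", "library.h", "utilities_math.h",
        "utilities_physics.h", "my_library.h", "my_libraryOLD.h" };
    return count_collisions(bad, sizeof bad / sizeof bad[0]) ? 1 : 0;
}
```

Run over the compliant names, including the renamed `my_library.h.old`, the same check reports no pairs.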
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[ISO/IEC 9899:1999] Section 6.10.2, "Source file inclusion"
[MISRA 04] Rule 19.5
...