...

It is not necessary to go beyond the standard C library to find examples of inconsistent interfaces: the standard library is a fusion of multiple libraries with various styles and levels of rigor. For example, the fputs() defined in the C Standard, subclause 7.21.7.4 [ISO/IEC 9899:2011], is closely related to the fprintf() defined in subclause 7.21.6.1. However, fputs()'s file handle is at the end, and fprintf()'s is at the beginning, as shown by their function declarations:

int fputs(const char * restrict s, FILE * restrict stream);

int fprintf(FILE * restrict stream, const char * restrict format, ...);

...

#include <stdio.h>
#define fputs(X,Y) fputs(Y,X)

However, according to subclause 7.1.3 of the C Standard, the behavior of a program that defines a symbol, including a macro, with the same name as that of a standard library function, type, macro, or other reserved identifier is undefined.

Using inconsistent interfaces makes the code difficult to read, for example, by causing confusion when moving between code that follows this convention and code that does not. In effect, it becomes impossible to modify an interface once that interface has been broadly adopted. Consequently, it is important to get the interface design right the first time.
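One way to get a consistent stream-first interface without defining a reserved identifier, as an added example that is not from the original page or the C Standard. The names out_puts, out_printf and out_demo and the 0 / -1 return convention are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrappers: stream first, 0 on success, -1 on failure. */
int out_puts(FILE *stream, const char *s) {
    if (stream == NULL || s == NULL) {
        return -1;
    }
    /* fputs() returns EOF on a write error, a nonnegative value otherwise. */
    return (fputs(s, stream) == EOF) ? -1 : 0;
}

int out_printf(FILE *stream, const char *format, ...) {
    va_list ap;
    int n;
    if (stream == NULL || format == NULL) {
        return -1;
    }
    va_start(ap, format);
    /* vfprintf() returns a negative value on an output or encoding error. */
    n = vfprintf(stream, format, ap);
    va_end(ap);
    return (n < 0) ? -1 : 0;
}

/* Writes through both wrappers to a temporary file and reads the text back. */
int out_demo(char *buf, size_t len) {
    FILE *fp;
    size_t got;
    int rc;
    if (buf == NULL || len == 0 || (fp = tmpfile()) == NULL) {
        return -1;
    }
    rc = out_puts(fp, "id=");
    if (rc == 0) {
        rc = out_printf(fp, "%d\n", 42);
    }
    rewind(fp);
    got = fread(buf, 1, len - 1, fp);
    buf[got] = '\0';
    fclose(fp);
    return rc;
}

int main(void) {
    char buf[32];
    return (out_demo(buf, sizeof buf) == 0 && strcmp(buf, "id=42\n") == 0) ? 0 : 1;
}
```

Because the wrappers use their own non-reserved names, the standard fputs() and fprintf() declarations stay untouched and callers see one argument order and one error convention.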

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| API03-C | Medium | Unlikely | Medium | P4 | L3 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...