SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 15

changes.mady.by.user Lee Mancuso

Saved on

compared with

New Version Current

changes.mady.by.user Anirban Gangopadhyay

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

If a file with the same name as a standard file name header is placed in the search path for included source files, the behavior is undefined.

The following table from the C Standard, subclause 7.1.2 [ISO/IEC 9899:2011], lists these standard headers are:

<assert.h>
<complex
<float.h><math.h>
<ctype
<stdatomic.h>
<errno
<stdlib.h>
<fenv
<time.h>
<float
<complex.h><inttypes.h><setjmp.h>
<iso646
<stdbool.h>
<limits
<stdnoreturn.h>
<locale
<uchar.h>
<math
<ctype.h>
<setjmp
<iso646.h><signal.h>
<stdarg
<stddef.h><string.h><wchar.h>
<errno.h>
<stdbool
<limits.h>
<stddef
<stdalign.h><stdint.h><tgmath.h>
<stdio
<wctype.h>
<stdlib
<fenv.h>
<string
<locale.h>
<tgmath
<stdarg.h>
<time
<stdio.h>

<wchar.h>

<wctype.h>

<threads.h>

Do not reuse standard header file names, system-specific header file names, or other header file names.

Noncompliant Code Example

In this noncompliant code example, the programmer chooses to use a local version of the standard library but does not make the change clear:

Code Block
bgColor#FFcccc
langc
#include "stdio.h"  /* Confusing, distinct from <stdio.h> */

/* ... */

Compliant Solution

The solution addresses the problem by giving the local library a unique name (per PRE08-C. Guarantee that header file names are unique), which makes it apparent that the library used is not the original:

Code Block
bgColor#ccccFF
langc
/* Using a local version of stdio.h */ 
#include "mystdio.h"

/* ... */

Risk Assessment

Using header file names that conflict with the C standard library functions other header file names can result in not including the intended filean incorrect file being included.

Recommendation

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

PRE04-

A

1 (low)

1 (unlikely)

3 (low)

P3

L3

C

Low

Unlikely

Yes

No

P2

L3

Automated Detection

ToolVersionCheckerDescription
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-PRE04
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-pre04-c

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.PRE04

Fully implemented

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5001
LDRA tool suite
Include Page
LDRA_V
LDRA_V

568 S

Fully implemented

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. PRE04-C

Checks for reuse of standard header file (rec. fully covered)

Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

RTOS_22Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

...

Related Guidelines

SEI CERT C++ Coding StandardVOID PRE04-CPP. Do not reuse a standard header file name
CERT Oracle Secure Coding Standard for JavaDCL01-J. Do not reuse public identifiers from the Java Standard Library

Bibliography

[ISO/IEC 9899:2011]Subclause

...

7.1.2,

...

"Standard

...

Headers"


...

DCL03 NCCE 1       01. Preprocessor (PRE)       PRE05-A. Use parentheses around any macro replacement list containing operatorsImage Added Image Added Image Added