 
                            If a file with the same name as a standard file name header is placed in the search path for included source files, the behavior is undefined.
The following table from the C Standard, subclause 7.1.2 [ISO/IEC 9899:2011], lists these standard headers are:
| <assert.h> | 
| <float.h> | <math.h> | 
| <stdatomic.h> | 
| <stdlib.h> | 
| <time.h> | 
| <complex.h> | <inttypes.h> | <setjmp.h> | 
| <stdbool.h> | 
| <stdnoreturn.h> | 
| <uchar.h> | 
| <ctype.h> | 
| <iso646.h> | <signal.h> | 
| <stddef.h> | <string.h> | <wchar.h> | 
| <errno.h> | 
| <limits.h> | 
| <stdalign.h> | <stdint.h> | <tgmath.h> | 
| <wctype.h> | 
| <fenv.h> | 
| <locale.h> | 
| <stdarg.h> | 
| <stdio.h> | 
 <wchar.h> 
 <wctype.h> 
| <threads.h> | 
Do not reuse standard header file names, system-specific header file names, or other header file names.
Noncompliant Code Example
In this noncompliant code example, the programmer chooses to use a local version of the standard library but does not make the change clear:
| Code Block | ||||
|---|---|---|---|---|
| 
 | ||||
| #include "stdio.h"  /* Confusing, distinct from <stdio.h> */
/* ... */
 | 
Compliant Solution
The solution addresses the problem by giving the local library a unique name (per PRE08-C. Guarantee that header file names are unique), which makes it apparent that the library used is not the original:
| Code Block | ||||
|---|---|---|---|---|
| 
 | ||||
| /* Using a local version of stdio.h */ 
#include "mystdio.h"
/* ... */
 | 
Risk Assessment
Using header file names that conflict with the C standard library functions other header file names can result in not including the intended filean incorrect file being included.
| Recommendation | Severity | Likelihood | 
|---|
| Detectable | Repairable | Priority | Level | 
|---|---|---|---|
| PRE04- | 
1 (low)
1 (unlikely)
3 (low)
P3
| C | Low | Unlikely | Yes | No | P2 | L3 | 
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Axivion Bauhaus Suite | 
 | CertC-PRE04 | |||||||
| Cppcheck Premium | 
 | premium-cert-pre04-c | |||||||
| 
 | CC2.PRE04 | Fully implemented | |||||||
| Helix QAC | 
 | C5001 | |||||||
| LDRA tool suite | 
 | 568 S | Fully implemented | ||||||
| Polyspace Bug Finder | 
 | Checks for reuse of standard header file (rec. fully covered) | |||||||
| Security Reviewer - Static Reviewer | 
 | RTOS_22 | Fully implemented | 
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
...
Related Guidelines
| SEI CERT C++ Coding Standard | VOID PRE04-CPP. Do not reuse a standard header file name | 
| CERT Oracle Secure Coding Standard for Java | DCL01-J. Do not reuse public identifiers from the Java Standard Library | 
Bibliography
| [ISO/IEC 9899:2011] | Subclause | 
...
| 7.1.2, | 
...
| "Standard | 
...
| Headers" | 
...
DCL03 NCCE 1 01. Preprocessor (PRE) PRE05-A. Use parentheses around any macro replacement list containing operators